From bgmahesh at gmail.com Wed Feb 1 03:01:49 2006 From: bgmahesh at gmail.com (BG Mahesh) Date: Wed Feb 1 03:01:51 2006 Subject: Looking for Mailscanner+CommunigatePro scripts Message-ID: <5227ac5c0601311901u1c5b946dt69b6baeff4bd15da@mail.gmail.com> hi I am looking for Mailscanner scripts that will work with CommunicatePro [ stalker.com]. I am unable to find the source anywhere. If anyone has personal experience using this combo I would love to hear. -- -- B.G. Mahesh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/0aec1bab/attachment.html From bgmahesh at gmail.com Wed Feb 1 03:04:21 2006 From: bgmahesh at gmail.com (BG Mahesh) Date: Wed Feb 1 03:04:23 2006 Subject: SurgeMail+Mailscanner info needed Message-ID: <5227ac5c0601311904v49a3796ha12ae37e2ad03744@mail.gmail.com> hi Is anyone using Mailscanner with Surgemail [surgemail.com]? How easy is to set it up. -- -- B.G. Mahesh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/783cda1a/attachment.html From mailstodevi at yahoo.com Wed Feb 1 03:30:02 2006 From: mailstodevi at yahoo.com (Devi S) Date: Wed Feb 1 03:30:11 2006 Subject: spamassassinprefsfile at line 1377 In-Reply-To: Message-ID: <20060201033002.55454.qmail@web50606.mail.yahoo.com> Scott Silva wrote: > > Please advice. Thank you. Is this an upgrade? Did you run the upgrade_MailScanner_conf script? I think I didn't do that this time. Julian also advised to do it. Can I do it now or should I do it only during next upgradation? Regards Devi S. Our greatest glory is not in never falling- but in rising every time we fall - Confucius --------------------------------- What are the most popular cars? Find out at Yahoo! Autos -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060131/09d62279/attachment.html From brent.addis at pronet.co.nz Wed Feb 1 07:07:29 2006 From: brent.addis at pronet.co.nz (Brent Addis) Date: Wed Feb 1 07:08:03 2006 Subject: Looking for Mailscanner+CommunigatePro scripts In-Reply-To: <5227ac5c0601311901u1c5b946dt69b6baeff4bd15da@mail.gmail.com> References: <5227ac5c0601311901u1c5b946dt69b6baeff4bd15da@mail.gmail.com> Message-ID: <43E05E31.1070200@pronet.co.nz> I used communigate at a previous company, it never really worked. you are much better off setting up mailscanner as a gateway in front of the communigate server. BG Mahesh wrote: > > hi > > I am looking for Mailscanner scripts that will work with > CommunicatePro [stalker.com ]. I am unable to find > the source anywhere. > > If anyone has personal experience using this combo I would love to hear. > > -- > -- > B.G. Mahesh -- Regards, Brent Addis Technical Account Manager Pronet Internet NZ LTD Mobile: 021 723 612 -------------- next part -------------- A non-text attachment was scrubbed... Name: brent.addis.vcf Type: text/x-vcard Size: 286 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/6e9407a2/brent.addis.vcf From taz at taz-mania.com Wed Feb 1 07:23:14 2006 From: taz at taz-mania.com (Dennis Willson) Date: Wed Feb 1 07:23:18 2006 Subject: Looking for Mailscanner+CommunigatePro scripts In-Reply-To: <43E05E31.1070200@pronet.co.nz> References: <5227ac5c0601311901u1c5b946dt69b6baeff4bd15da@mail.gmail.com> <43E05E31.1070200@pronet.co.nz> Message-ID: <43E061E2.9050104@taz-mania.com> I use Communigate and I run sendmail with MailScanner (actually several of them) as hubs prior to the Communigate server. Communigate has lots of nice end user functionality, Spam filtering it's weak on however. They didn't really put hooks in that would allow MailScanner to work effectively the way it does with other MTAs. Plus I like to have multiple mail hubs anyway and this way I can bring one down and work on it without the end users being interrupted or even knowing I'm doing it. Usually to upgrade, take my spare server and build a totally new machine and completely test it and then just swap it for one of the hubs, I then take that machine and build it exactly like the one I just put in and then replace the next hub and so on. No down time at all for the users which makes my life easier. Brent Addis wrote: > I used communigate at a previous company, it never really worked. you > are much better off setting up mailscanner as a gateway in front of > the communigate server. > > BG Mahesh wrote: > >> >> hi >> >> I am looking for Mailscanner scripts that will work with >> CommunicatePro [stalker.com ]. I am unable to >> find the source anywhere. >> >> If anyone has personal experience using this combo I would love to hear. >> >> -- >> -- >> B.G. Mahesh > > > From mailscanner at mango.zw Wed Feb 1 08:11:43 2006 From: mailscanner at mango.zw (Jim Holland) Date: Wed Feb 1 08:20:03 2006 Subject: OT: sendmail greet_pause feature Message-ID: Perhaps other sendmail users know all about this, but I have only looked at it for the first time. I run sendmail 8.13.1 and have decided to implement the greet_pause feature for the first time (after seeing that it is a default option in Debian installations). This requires a specified delay after connection, which can be network specific, before a client system is allowed to send any SMTP commands. Any client that breaks normal SMTP protocols by trying to force commands before receiving the go-ahead is immediately disconnected. This seems to distinguish very successfully between genuine mailers and spammers/viruses that are not RFC-compliant. Using a 5 second delay I have found that the system has blocked over 3200 connections in the first 24 hours I used it. The client systems were all typical of spammers, with adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR record at all. I found only four systems in the blocked group that looked as if they were genuine. On further investigation I found that earlier log records for some of those sites indicated behaviour typical of virus infections in any case. To implement the feature: Add the following to the sendmail.mc file: FEATURE(`greet_pause', `5000')dnl 5 seconds Rebuild sendmail and restart MailScanner: m4 < sendmail.mc > sendmail.cf service MailScanner restart Then specific entries for client hostname, domain, IP address or subnet can be put in the access file: GreetPause:my.domain 0 GreetPause:example.com 5000 GreetPause:10.1.2 2000 GreetPause:127.0.0.1 0 Definitely worth a look I would say, as it blocks large numbers of spammers before they are allowed to send any data, with very low risk of blocking genuine systems. It even seems to allow genuine mail from infected systems to be accepted while blocking viruses from those same systems before the DATA phase - as many viruses seem to behave rather impolitely :-) Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From glenn.steen at gmail.com Wed Feb 1 08:49:46 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 08:49:50 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: <223f97700602010049k72250beat@mail.gmail.com> On 01/02/06, Richard Edge wrote: > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > Kettler > Sent: Tuesday, January 31, 2006 3:12 PM > To: MailScanner discussion > Subject: Re: ALL_TRUSTED problems > > > >Did you do a reload on mailscanner after editing? > > Yes > > >I'd also STRONGLY suggest running: > >spamassassin --lint. > > >As previously suggested. You should run that EVERY time you edit a > config file. > > Which I always do. No problems reported. Ok, how about quoting a bit of the begining of "spamassassin --lint -D" here? Just the part Matt's been asking about... One gets the nagging feeling that for some reason spamassassin isn't seeing this file you keep changing... At least not when running as the user MailScanner is run as... There's a thought, are you perhaps running Postfix (sorry if you've mentioned this already:)? In that case, run the lint/debug as your postfix user (might entail "su - postfix --shell=/bin/bash" if you have it suitably secured). Anyway, "try running it as close to what it's like when run in MailScanner" is the general idea. Things to note (I know this has been said already, but...:-) are, of course, site rules directory, and the reading in of the mailscanner.cf file. > > > Please use https://helpdesk.twu.ca for all Technical support requests. > Really? A relative of mine has these BMC 1300s that consume approximately as much oil as petrol.... Would the helpdesk handle that too:-):-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solid-state-logic.com Wed Feb 1 09:03:17 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Feb 1 09:03:42 2006 Subject: ALL_TRUSTED problems In-Reply-To: Message-ID: <003b01c6270e$57a5d8f0$3004010a@martinhlaptop> Richard I presume that /etc/mail/spamassassin is the correct place for mailscanner.conf to be? Ie it's the same dir that's also got the *.pre and local.cf files in it as well??? MailScanner normally does a good job of spotting which dir the pop the mailscanner.conf, but its worth checking. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Richard Edge > Sent: 31 January 2006 23:04 > To: MailScanner discussion > Subject: RE: ALL_TRUSTED problems > > I have tried adding "clear_trusted_networks" and have confirmed that I > only have one configuration file with trusted_networks, > /etc/mail/spamassasin/mailscanner.cf which is linked to > /etc/MailScanner/spam.assassin.prefs.conf and it is still firing and > with a score of -1.80. This is in spite of also adding a "score > ALL_TRUSTED -0.01" to the spam.assassin.prefs.conf and commenting out > the "trusted_networks". The "score ALL_TRUSTED -0.01" setting does not > seem to have any effect on the scoring of this test. > > I have also tried leaving the trusted_networks commented out and > removing "score ALL_TRUSTED -0.01" from spam.assassin.prefs.conf and > adding it to /etc/mail/spamassassin/local.cf without any change. This > occurs on both gateways with identical configurations. > > Richard Edge > Senior Systems Administrator | Technology Services > Trinity Western University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Tuesday, January 31, 2006 1:32 PM > To: MailScanner discussion > Subject: Re: ALL_TRUSTED problems > > You might need to add > clear_trusted_networks > before you set the trusted_networks value. > > Richard Edge wrote: > > I am have a problem with the ALL_TRUSTED test. No matter what what I > > set the ALL_TRUSTED score to in spam.assassin.prefs.conf it still > > fires with a score of -1.80. I have also added "trusted_networks" > > settings with the IP addresses of our internal mail server and it also > > > fires on messages received from untrusted IP's. > > > > I am using MailScanner 4.50.12-2 and SA 3.1. > > > > > > *Richard Edge* > > /Senior Systems Administrator |/ Technology Services Trinity Western > > University | t: 604.513.2089 > > f: 604.513.2038 | e: edge twu.ca| _www.twu.ca/technology_ > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store Professional > Support Services at www.MailScanner.biz MailScanner thanks transtec > Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Wed Feb 1 09:05:00 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Feb 1 09:05:09 2006 Subject: SurgeMail+Mailscanner info needed In-Reply-To: <5227ac5c0601311904v49a3796ha12ae37e2ad03744@mail.gmail.com> Message-ID: <003c01c6270e$94fb9960$3004010a@martinhlaptop> Hi Prob best to configure as an email gateway where mail hits the MS machine first and after processing is passed onto the surgemail/ms-exch/whatever server. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of BG Mahesh > Sent: 01 February 2006 03:04 > To: mailscanner@lists.mailscanner.info > Subject: SurgeMail+Mailscanner info needed > > > hi > > Is anyone using Mailscanner with Surgemail [surgemail.com]? How easy is to > set it up. > > -- > -- > B.G. Mahesh ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Wed Feb 1 09:20:43 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 09:21:05 2006 Subject: MailScanner ANNOUNCE: 4.50 released Message-ID: <940603D9-0CFD-4E02-BB91-1F7AD9E48118@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Morning all, A major new release this month, with around 40 new features and improvements. The major highlights are: - - Great speed improvements. Many sites are seeing 40% speed improvement. - - Auto-detection of installed virus scanners. - - Zero-configuration required on sendmail systems. You no longer need to set configuration options in MailScanner.conf, it will auto-detect the presence of SpamAssassin and your virus scanning engines. - - New UU-decoder to allow filename and filetype traps in UU-encoded files inside attachments. - - Many command-line options added to the "MailScanner" command so you can test your configuration, evaluate rulesets and debug your installation without have to set the debug options in MailScanner.conf. Type "MailScanner --help" for more information. "MailScanner --lint" is particularly useful. Download this major update from www.mailscanner.info ** Please note you will need to run the installation script ./ install.sh as several new modules have been added to it to support the new features. The whole Change Log is this: (as you can see, it has been a busy month :-) - - Speed increased significantly! Caches SpamAssassin results. Note you need to run my install.sh script to get the new modules required. - - If "Virus Scanners = auto" (ie. the installed default value) then it searches for and uses every available installed virus scanner. - - Added SpamAssassin cache analyser (analyse_SpamAssassin_cache) to the distributions. 99% written by Steve Freegard of MailWatch fame. - - Upgraded ClamAV+SA bundle to ClamAV 0.88. - - Added default headers that Thunderbird 1.5 will use to automatically identify spam based on SpamAssassin's spam headers. - - Added UU-decoder to automatically extract files from attachments that were stored in uu-encoded form. This behaves similarly to the zip and rar decoders. The virus scanners should check inside these files for themselves anyway, but this assists them when they do not. It also allows for filename and filetype checking of files stored in uu-encoded attachments. - - Added configuration option "Find UU-Encoded Files" to set whether uu-encoded files are decoded or not. These files are very rarely used, and the overhead of finding them is fairly large as it involves reading all existing attachments looking for the signature of them. So the default is to not look for them. A ruleset can be used to protect particularly vulnerable recipients or senders. - - You can now start up MailScanner without changing MailScanner.conf at all. It will auto-detect SpamAssassin and all available virus scanners. - - Changed default setting to "Use SpamAssassin = yes" and now auto- detect installation of SpamAssassin, logging installation instructions if it is not already installed and working. - - Added DBI and DBD::SQLite Perl modules. Please use my install.sh scripts when you upgrade or install this version. - - Added American spelling of "analyze_SpamAssassin_cache" as well as English spelling of "analyse_SpamAssassin_cache". - - DBI installation is forced in RPM distributions. - - Improved RPM installer to handle DBI module dependencies better. It now installs cleanly on the systems I have tested it on. These include Fedora Core 3, Fedora Core 4, SuSE 9.3, SuSE 10, RedHat Enterprise 4. - - Made log warnings more obvious when DBI/DBD::SQLite/Digest::MD5 are not all installed properly. - - Improved comments about "Allow Filenames" and "Allow Filetypes" in MailScanner.conf. - - Improvement to F-Prot output parser to handle new strings. - - Changed filename/type traps to account for new vulnerability in TNEF files. - - Adapted trend-autoupdate for 2006 onwards. - - --help implemented so you can see how to use it now. - - --debug now written. Works just like "Debug = yes" in MailScanner.conf. - - --debug-sa now written. Works just like "Debug SpamAssassin = yes". - - --check ruleset-checker now written. Takes max 1 from address, multiple to addresses, client IP address and virus name. - - Added a new command-line parameter "--lint" to verify the config file. - - --lint now prints what virus scanners you have chosen to use, and what - - --lint now checks SpamAssassin configuration too. scanners it can find installed. - - Added hi-res timing so the batch speed timings are now displayed to micro- second accuracy. - - Added Time::HiRes to the list of required modules. You must use ./ install.sh to upgrade to, or install, this version in order to get the new module. Time taken to process the entire batch is logged, and time taken to do "Always Looked Up Last" is logged separately if it is being used at all. - - Added check that MailScanner.conf has at least been customised to set the organisation name, long name and web site. - - Added "SpamAssassin Cache Timings" configuration option for the few people who need to adjust these settings. Do *not* change it unless you really know what you are doing, the default settings will work nicely. - - Updated important perl modules. - - Removed duplicate logging of warnings about infected messages. - - Added detection of no virus scanners being installed, giving the user advice about how to install ClamAV using my easy-installation package. - - Improved ClamAV+SA easy-installation package so that it automatically enables the updates by commenting out the "Example" lines. - - Changed default Lock Type for sendmail to "posix" instead of "flock" as new Linux systems (the most popular platform by far) run sendmail 8.13 or later, which requires this to be "posix". - - Upgraded Sys::Hostname::Long and HTML::Parser in ClamAV+SA package. - - Disabled movie format "deny" rules in filetype.rules.conf and have enabled filetype checking by default. - - Updated man pages. - - Updated AVG parser to handle latest version 7.1. - - Added "Always Looked Up Last After Batch" which is looked up after the "Always Looked Up Last" option. The 2nd of those is looked up once for each message, the "...After Batch" value is looked up once for the entire batch. It is only intended for use with a Custom Function, its value is ignored. * Fixes * - - Improved reliability of Bayes rebuilds a lot. - - Force installation of DBI as previous versions cause problems. - - Removed broken patch I was given, which was temporarily in 4.50. - - Packaging bug in 4.50.9-1 fixed. MailTools version typo. - - Fixed bug where temporary files were not cleaned up properly. - - Fixed missing HTML-Parser 3.48 package. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+B9bfw32o+k+q+hAQHw7QgAikH91ilicxP4r702IjugoHQ4z1hfBMaW N30eiEJ9eud09h9qi7XBNAzDd/oqXgiue/jzzh9KzIqIxHiGTfcr/FsASP3vWicK Sffq4Nru8zPwetbvaNQ/COhuRuOmp1pyQFg0aSFDX5TZDm2GcZPxen7HfrVUplV3 4Ovat/RqvSxMltYNPUmlj0xA/T6lekfSdme0dsU0gtY5BoYzhH4mmfvS7FGwJvES SKXkH9ggPvTqDAB/5Mi9hbJUZNc4dfWzV76R2bQ6BF6PK47xUf1o87kLGg0hhO3Z 6mGgVrYWvFOdE3uwdqCZ2O5zY/lK4Qbi533BylsAYwgo/Qu3iZ7hbg== =qFA6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From anders.andersson at ltkalmar.se Wed Feb 1 10:01:21 2006 From: anders.andersson at ltkalmar.se (Anders Andersson, IT) Date: Wed Feb 1 10:02:11 2006 Subject: sendmail greet_pause feature Message-ID: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jim Holland > Sent: Wednesday, February 01, 2006 9:12 AM > To: MailScanner mailing list > Subject: OT: sendmail greet_pause feature > > Perhaps other sendmail users know all about this, but I have > only looked at it for the first time. > > I run sendmail 8.13.1 and have decided to implement the > greet_pause feature for the first time (after seeing that it > is a default option in Debian installations). This requires > a specified delay after connection, which can be network > specific, before a client system is allowed to send any SMTP > commands. Any client that breaks normal SMTP protocols by > trying to force commands before receiving the go-ahead is > immediately disconnected. This seems to distinguish very > successfully between genuine mailers and spammers/viruses > that are not RFC-compliant. > > Using a 5 second delay I have found that the system has > blocked over 3200 connections in the first 24 hours I used > it. The client systems were all typical of spammers, with > adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR > record at all. I found only four systems in the blocked > group that looked as if they were genuine. On further > investigation I found that earlier log records for some of > those sites indicated behaviour typical of virus infections > in any case. I second that, thoguh I raised mine to 25 sec just for the fun of it. I started low but raised it by 5 sec eeverytime and its been running smooth. So far no one complained and the ones we have a great mailexchange with been added to acces list /Anders > > To implement the feature: > > Add the following to the sendmail.mc file: > > FEATURE(`greet_pause', `5000')dnl 5 seconds > > Rebuild sendmail and restart MailScanner: > > m4 < sendmail.mc > sendmail.cf > service MailScanner restart > > Then specific entries for client hostname, domain, IP address > or subnet can be put in the access file: > > GreetPause:my.domain 0 > GreetPause:example.com 5000 > GreetPause:10.1.2 2000 > GreetPause:127.0.0.1 0 > > Definitely worth a look I would say, as it blocks large > numbers of spammers before they are allowed to send any data, > with very low risk of blocking genuine systems. It even > seems to allow genuine mail from infected systems to be > accepted while blocking viruses from those same systems > before the DATA phase - as many viruses seem to behave rather > impolitely :-) > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service From roger at rudnick.com.br Wed Feb 1 10:26:28 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed Feb 1 10:26:26 2006 Subject: sendmail greet_pause feature References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> Message-ID: <023301c62719$f6c921c0$0600a8c0@roger> I'm using the rpm version of sendmail in my centos-3 box (sendmail 8.12) and I would like to upgrade to sendmail 8.13 to use this feature, that seems really great. Is there some problem I should be aware, or the tar.gz version found at sendmail.org would work fine on my machine? Anyone using 8.13 at centos-3 or some similar OS? Regards Roger Jochem ----- Original Message ----- From: "Anders Andersson, IT" To: "MailScanner discussion" Sent: Wednesday, February 01, 2006 8:01 AM Subject: RE: sendmail greet_pause feature >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Jim Holland >> Sent: Wednesday, February 01, 2006 9:12 AM >> To: MailScanner mailing list >> Subject: OT: sendmail greet_pause feature >> >> Perhaps other sendmail users know all about this, but I have >> only looked at it for the first time. >> >> I run sendmail 8.13.1 and have decided to implement the >> greet_pause feature for the first time (after seeing that it >> is a default option in Debian installations). This requires >> a specified delay after connection, which can be network >> specific, before a client system is allowed to send any SMTP >> commands. Any client that breaks normal SMTP protocols by >> trying to force commands before receiving the go-ahead is >> immediately disconnected. This seems to distinguish very >> successfully between genuine mailers and spammers/viruses >> that are not RFC-compliant. >> >> Using a 5 second delay I have found that the system has >> blocked over 3200 connections in the first 24 hours I used >> it. The client systems were all typical of spammers, with >> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR >> record at all. I found only four systems in the blocked >> group that looked as if they were genuine. On further >> investigation I found that earlier log records for some of >> those sites indicated behaviour typical of virus infections >> in any case. > > I second that, thoguh I raised mine to 25 sec just for the fun of it. I > started low but raised it by 5 sec eeverytime and its been running > smooth. So far no one complained and the ones we have a great > mailexchange with been added to acces list > > /Anders > >> >> To implement the feature: >> >> Add the following to the sendmail.mc file: >> >> FEATURE(`greet_pause', `5000')dnl 5 seconds >> >> Rebuild sendmail and restart MailScanner: >> >> m4 < sendmail.mc > sendmail.cf >> service MailScanner restart >> >> Then specific entries for client hostname, domain, IP address >> or subnet can be put in the access file: >> >> GreetPause:my.domain 0 >> GreetPause:example.com 5000 >> GreetPause:10.1.2 2000 >> GreetPause:127.0.0.1 0 >> >> Definitely worth a look I would say, as it blocks large >> numbers of spammers before they are allowed to send any data, >> with very low risk of blocking genuine systems. It even >> seems to allow genuine mail from infected systems to be >> accepted while blocking viruses from those same systems >> before the DATA phase - as many viruses seem to behave rather >> impolitely :-) >> >> Regards >> >> Jim Holland >> System Administrator >> MANGO - Zimbabwe's non-profit e-mail service > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Feb 1 10:34:44 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 10:34:53 2006 Subject: sendmail greet_pause feature In-Reply-To: <023301c62719$f6c921c0$0600a8c0@roger> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Don't forget to change MailScanner.conf to Lock Type = posix when you upgrade sendmail to 8.13. You should be able to find a good RPM of this, so you don't build it from source and put everything in odd locations. Try http:// dag.wieers.com/ and search his RPM repository. On 1 Feb 2006, at 10:26, Roger Jochem wrote: > I'm using the rpm version of sendmail in my centos-3 box (sendmail > 8.12) and I would like to upgrade to sendmail 8.13 to use this > feature, that seems really great. Is there some problem I should be > aware, or the tar.gz version found at sendmail.org would work fine > on my machine? Anyone using 8.13 at centos-3 or some similar OS? > > Regards > > Roger Jochem > > ----- Original Message ----- From: "Anders Andersson, IT" > > To: "MailScanner discussion" > Sent: Wednesday, February 01, 2006 8:01 AM > Subject: RE: sendmail greet_pause feature > > >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> Of Jim Holland >>> Sent: Wednesday, February 01, 2006 9:12 AM >>> To: MailScanner mailing list >>> Subject: OT: sendmail greet_pause feature >>> >>> Perhaps other sendmail users know all about this, but I have >>> only looked at it for the first time. >>> >>> I run sendmail 8.13.1 and have decided to implement the >>> greet_pause feature for the first time (after seeing that it >>> is a default option in Debian installations). This requires >>> a specified delay after connection, which can be network >>> specific, before a client system is allowed to send any SMTP >>> commands. Any client that breaks normal SMTP protocols by >>> trying to force commands before receiving the go-ahead is >>> immediately disconnected. This seems to distinguish very >>> successfully between genuine mailers and spammers/viruses >>> that are not RFC-compliant. >>> >>> Using a 5 second delay I have found that the system has >>> blocked over 3200 connections in the first 24 hours I used >>> it. The client systems were all typical of spammers, with >>> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR >>> record at all. I found only four systems in the blocked >>> group that looked as if they were genuine. On further >>> investigation I found that earlier log records for some of >>> those sites indicated behaviour typical of virus infections >>> in any case. >> >> I second that, thoguh I raised mine to 25 sec just for the fun of >> it. I >> started low but raised it by 5 sec eeverytime and its been running >> smooth. So far no one complained and the ones we have a great >> mailexchange with been added to acces list >> >> /Anders >> >>> >>> To implement the feature: >>> >>> Add the following to the sendmail.mc file: >>> >>> FEATURE(`greet_pause', `5000')dnl 5 seconds >>> >>> Rebuild sendmail and restart MailScanner: >>> >>> m4 < sendmail.mc > sendmail.cf >>> service MailScanner restart >>> >>> Then specific entries for client hostname, domain, IP address >>> or subnet can be put in the access file: >>> >>> GreetPause:my.domain 0 >>> GreetPause:example.com 5000 >>> GreetPause:10.1.2 2000 >>> GreetPause:127.0.0.1 0 >>> >>> Definitely worth a look I would say, as it blocks large >>> numbers of spammers before they are allowed to send any data, >>> with very low risk of blocking genuine systems. It even >>> seems to allow genuine mail from infected systems to be >>> accepted while blocking viruses from those same systems >>> before the DATA phase - as many viruses seem to behave rather >>> impolitely :-) >>> >>> Regards >>> >>> Jim Holland >>> System Administrator >>> MANGO - Zimbabwe's non-profit e-mail service >> -- >> MailScanner mailing list >> MailScanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+COxvw32o+k+q+hAQEk7wf/Q9y6EeZmJCzFbTlpFvss0uhmMK/2udxG 1sSAG0ZkIF6MdWbsIumW/LX8nmq7H5JoJAApLF7k6FgfVhgBgINe1ZTpY9qEC3Pn ByuSoTuCudkLxp/OxCvhl6oTFkSRfN9ESnl58Q7Ydgjr8CUzaRh3DxPEmE+8s0tC pdAoiW3JOGgk0Y8T9k+LZov8SucJWPeQnm6YbZJSfe72Gx6Equ3D8Mm2VdK1/tkB Pc24EilDpqJyuYAwWK7CT3xJOWin4u5zf6TOQfcJwAgM5grPwU8AW+/aU3O+iN6q lff0F9v5Xx08ShTCd5ZUw5zvUWSts3orF7O0czO58/h6MpveiNtwuA== =QCbF -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From roger at rudnick.com.br Wed Feb 1 10:44:37 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed Feb 1 10:44:33 2006 Subject: sendmail greet_pause feature References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se><023301c62719$f6c921c0$0600a8c0@roger> Message-ID: <025101c6271c$7fe54fe0$0600a8c0@roger> Dag Wieers repository has only sendmail 8.12, or I'm missing it. http://dag.wieers.com/packages/sendmail/ ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Wednesday, February 01, 2006 8:34 AM Subject: Re: sendmail greet_pause feature > -----BEGIN PGP SIGNED MESSAGE----- > > Don't forget to change MailScanner.conf to > Lock Type = posix > when you upgrade sendmail to 8.13. > > You should be able to find a good RPM of this, so you don't build it > from source and put everything in odd locations. Try http:// > dag.wieers.com/ and search his RPM repository. > > On 1 Feb 2006, at 10:26, Roger Jochem wrote: > >> I'm using the rpm version of sendmail in my centos-3 box (sendmail >> 8.12) and I would like to upgrade to sendmail 8.13 to use this >> feature, that seems really great. Is there some problem I should be >> aware, or the tar.gz version found at sendmail.org would work fine >> on my machine? Anyone using 8.13 at centos-3 or some similar OS? >> >> Regards >> >> Roger Jochem >> >> ----- Original Message ----- From: "Anders Andersson, IT" >> >> To: "MailScanner discussion" >> Sent: Wednesday, February 01, 2006 8:01 AM >> Subject: RE: sendmail greet_pause feature >> >> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>> Of Jim Holland >>>> Sent: Wednesday, February 01, 2006 9:12 AM >>>> To: MailScanner mailing list >>>> Subject: OT: sendmail greet_pause feature >>>> >>>> Perhaps other sendmail users know all about this, but I have >>>> only looked at it for the first time. >>>> >>>> I run sendmail 8.13.1 and have decided to implement the >>>> greet_pause feature for the first time (after seeing that it >>>> is a default option in Debian installations). This requires >>>> a specified delay after connection, which can be network >>>> specific, before a client system is allowed to send any SMTP >>>> commands. Any client that breaks normal SMTP protocols by >>>> trying to force commands before receiving the go-ahead is >>>> immediately disconnected. This seems to distinguish very >>>> successfully between genuine mailers and spammers/viruses >>>> that are not RFC-compliant. >>>> >>>> Using a 5 second delay I have found that the system has >>>> blocked over 3200 connections in the first 24 hours I used >>>> it. The client systems were all typical of spammers, with >>>> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR >>>> record at all. I found only four systems in the blocked >>>> group that looked as if they were genuine. On further >>>> investigation I found that earlier log records for some of >>>> those sites indicated behaviour typical of virus infections >>>> in any case. >>> >>> I second that, thoguh I raised mine to 25 sec just for the fun of >>> it. I >>> started low but raised it by 5 sec eeverytime and its been running >>> smooth. So far no one complained and the ones we have a great >>> mailexchange with been added to acces list >>> >>> /Anders >>> >>>> >>>> To implement the feature: >>>> >>>> Add the following to the sendmail.mc file: >>>> >>>> FEATURE(`greet_pause', `5000')dnl 5 seconds >>>> >>>> Rebuild sendmail and restart MailScanner: >>>> >>>> m4 < sendmail.mc > sendmail.cf >>>> service MailScanner restart >>>> >>>> Then specific entries for client hostname, domain, IP address >>>> or subnet can be put in the access file: >>>> >>>> GreetPause:my.domain 0 >>>> GreetPause:example.com 5000 >>>> GreetPause:10.1.2 2000 >>>> GreetPause:127.0.0.1 0 >>>> >>>> Definitely worth a look I would say, as it blocks large >>>> numbers of spammers before they are allowed to send any data, >>>> with very low risk of blocking genuine systems. It even >>>> seems to allow genuine mail from infected systems to be >>>> accepted while blocking viruses from those same systems >>>> before the DATA phase - as many viruses seem to behave rather >>>> impolitely :-) >>>> >>>> Regards >>>> >>>> Jim Holland >>>> System Administrator >>>> MANGO - Zimbabwe's non-profit e-mail service >>> -- >>> MailScanner mailing list >>> MailScanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> MailScanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.4 (Build 4042) > > iQEVAwUBQ+COxvw32o+k+q+hAQEk7wf/Q9y6EeZmJCzFbTlpFvss0uhmMK/2udxG > 1sSAG0ZkIF6MdWbsIumW/LX8nmq7H5JoJAApLF7k6FgfVhgBgINe1ZTpY9qEC3Pn > ByuSoTuCudkLxp/OxCvhl6oTFkSRfN9ESnl58Q7Ydgjr8CUzaRh3DxPEmE+8s0tC > pdAoiW3JOGgk0Y8T9k+LZov8SucJWPeQnm6YbZJSfe72Gx6Equ3D8Mm2VdK1/tkB > Pc24EilDpqJyuYAwWK7CT3xJOWin4u5zf6TOQfcJwAgM5grPwU8AW+/aU3O+iN6q > lff0F9v5Xx08ShTCd5ZUw5zvUWSts3orF7O0czO58/h6MpveiNtwuA== > =QCbF > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From prandal at herefordshire.gov.uk Wed Feb 1 10:49:08 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Feb 1 10:49:16 2006 Subject: sendmail greet_pause feature Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B0D364D@isabella.herefordshire.gov.uk> You could always try grabbing the Centos 4.2 sendmail 8.13 source RPM and rebuilding: rpm --rebuild http://anorien.csc.warwick.ac.uk/mirrors/centos/4.2/os/SRPMS/sendmail-8. 13.1-2.src.rpm for example, and then installing (and reconfiguring as necessary). Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Roger Jochem > Sent: 01 February 2006 10:26 > To: MailScanner discussion > Subject: Re: sendmail greet_pause feature > > I'm using the rpm version of sendmail in my centos-3 box > (sendmail 8.12) and I would like to upgrade to sendmail 8.13 > to use this feature, that seems really great. Is there some > problem I should be aware, or the tar.gz version found at > sendmail.org would work fine on my machine? Anyone using 8.13 at > centos-3 or some similar OS? > > Regards > > Roger Jochem > > ----- Original Message ----- > From: "Anders Andersson, IT" > To: "MailScanner discussion" > Sent: Wednesday, February 01, 2006 8:01 AM > Subject: RE: sendmail greet_pause feature > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> Of Jim Holland > >> Sent: Wednesday, February 01, 2006 9:12 AM > >> To: MailScanner mailing list > >> Subject: OT: sendmail greet_pause feature > >> > >> Perhaps other sendmail users know all about this, but I have > >> only looked at it for the first time. > >> > >> I run sendmail 8.13.1 and have decided to implement the > >> greet_pause feature for the first time (after seeing that it > >> is a default option in Debian installations). This requires > >> a specified delay after connection, which can be network > >> specific, before a client system is allowed to send any SMTP > >> commands. Any client that breaks normal SMTP protocols by > >> trying to force commands before receiving the go-ahead is > >> immediately disconnected. This seems to distinguish very > >> successfully between genuine mailers and spammers/viruses > >> that are not RFC-compliant. > >> > >> Using a 5 second delay I have found that the system has > >> blocked over 3200 connections in the first 24 hours I used > >> it. The client systems were all typical of spammers, with > >> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR > >> record at all. I found only four systems in the blocked > >> group that looked as if they were genuine. On further > >> investigation I found that earlier log records for some of > >> those sites indicated behaviour typical of virus infections > >> in any case. > > > > I second that, thoguh I raised mine to 25 sec just for the > fun of it. I > > started low but raised it by 5 sec eeverytime and its been running > > smooth. So far no one complained and the ones we have a great > > mailexchange with been added to acces list > > > > /Anders > > > >> > >> To implement the feature: > >> > >> Add the following to the sendmail.mc file: > >> > >> FEATURE(`greet_pause', `5000')dnl 5 seconds > >> > >> Rebuild sendmail and restart MailScanner: > >> > >> m4 < sendmail.mc > sendmail.cf > >> service MailScanner restart > >> > >> Then specific entries for client hostname, domain, IP address > >> or subnet can be put in the access file: > >> > >> GreetPause:my.domain 0 > >> GreetPause:example.com 5000 > >> GreetPause:10.1.2 2000 > >> GreetPause:127.0.0.1 0 > >> > >> Definitely worth a look I would say, as it blocks large > >> numbers of spammers before they are allowed to send any data, > >> with very low risk of blocking genuine systems. It even > >> seems to allow genuine mail from infected systems to be > >> accepted while blocking viruses from those same systems > >> before the DATA phase - as many viruses seem to behave rather > >> impolitely :-) > >> > >> Regards > >> > >> Jim Holland > >> System Administrator > >> MANGO - Zimbabwe's non-profit e-mail service > > -- > > MailScanner mailing list > > MailScanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From roger at rudnick.com.br Wed Feb 1 10:57:10 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed Feb 1 10:57:06 2006 Subject: sendmail greet_pause feature References: <86144ED6CE5B004DA23E1EAC0B569B580B0D364D@isabella.herefordshire.gov.uk> Message-ID: <026901c6271e$402a6460$0600a8c0@roger> I will try that... Thanks... ----- Original Message ----- From: "Randal, Phil" To: "MailScanner discussion" Sent: Wednesday, February 01, 2006 8:49 AM Subject: RE: sendmail greet_pause feature > You could always try grabbing the Centos 4.2 sendmail 8.13 source RPM > and rebuilding: > > rpm --rebuild > http://anorien.csc.warwick.ac.uk/mirrors/centos/4.2/os/SRPMS/sendmail-8. > 13.1-2.src.rpm > > for example, and then installing (and reconfiguring as necessary). > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Roger Jochem >> Sent: 01 February 2006 10:26 >> To: MailScanner discussion >> Subject: Re: sendmail greet_pause feature >> >> I'm using the rpm version of sendmail in my centos-3 box >> (sendmail 8.12) and I would like to upgrade to sendmail 8.13 >> to use this feature, that seems really great. Is there some >> problem I should be aware, or the tar.gz version found at >> sendmail.org would work fine on my machine? Anyone using 8.13 at >> centos-3 or some similar OS? >> >> Regards >> >> Roger Jochem >> >> ----- Original Message ----- >> From: "Anders Andersson, IT" >> To: "MailScanner discussion" >> Sent: Wednesday, February 01, 2006 8:01 AM >> Subject: RE: sendmail greet_pause feature >> >> >> >> -----Original Message----- >> >> From: mailscanner-bounces@lists.mailscanner.info >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> >> Of Jim Holland >> >> Sent: Wednesday, February 01, 2006 9:12 AM >> >> To: MailScanner mailing list >> >> Subject: OT: sendmail greet_pause feature >> >> >> >> Perhaps other sendmail users know all about this, but I have >> >> only looked at it for the first time. >> >> >> >> I run sendmail 8.13.1 and have decided to implement the >> >> greet_pause feature for the first time (after seeing that it >> >> is a default option in Debian installations). This requires >> >> a specified delay after connection, which can be network >> >> specific, before a client system is allowed to send any SMTP >> >> commands. Any client that breaks normal SMTP protocols by >> >> trying to force commands before receiving the go-ahead is >> >> immediately disconnected. This seems to distinguish very >> >> successfully between genuine mailers and spammers/viruses >> >> that are not RFC-compliant. >> >> >> >> Using a 5 second delay I have found that the system has >> >> blocked over 3200 connections in the first 24 hours I used >> >> it. The client systems were all typical of spammers, with >> >> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR >> >> record at all. I found only four systems in the blocked >> >> group that looked as if they were genuine. On further >> >> investigation I found that earlier log records for some of >> >> those sites indicated behaviour typical of virus infections >> >> in any case. >> > >> > I second that, thoguh I raised mine to 25 sec just for the >> fun of it. I >> > started low but raised it by 5 sec eeverytime and its been running >> > smooth. So far no one complained and the ones we have a great >> > mailexchange with been added to acces list >> > >> > /Anders >> > >> >> >> >> To implement the feature: >> >> >> >> Add the following to the sendmail.mc file: >> >> >> >> FEATURE(`greet_pause', `5000')dnl 5 seconds >> >> >> >> Rebuild sendmail and restart MailScanner: >> >> >> >> m4 < sendmail.mc > sendmail.cf >> >> service MailScanner restart >> >> >> >> Then specific entries for client hostname, domain, IP address >> >> or subnet can be put in the access file: >> >> >> >> GreetPause:my.domain 0 >> >> GreetPause:example.com 5000 >> >> GreetPause:10.1.2 2000 >> >> GreetPause:127.0.0.1 0 >> >> >> >> Definitely worth a look I would say, as it blocks large >> >> numbers of spammers before they are allowed to send any data, >> >> with very low risk of blocking genuine systems. It even >> >> seems to allow genuine mail from infected systems to be >> >> accepted while blocking viruses from those same systems >> >> before the DATA phase - as many viruses seem to behave rather >> >> impolitely :-) >> >> >> >> Regards >> >> >> >> Jim Holland >> >> System Administrator >> >> MANGO - Zimbabwe's non-profit e-mail service >> > -- >> > MailScanner mailing list >> > MailScanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> MailScanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From prandal at herefordshire.gov.uk Wed Feb 1 11:28:20 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Feb 1 11:28:32 2006 Subject: sendmail greet_pause feature Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B0D3663@isabella.herefordshire.gov.uk> A quick check reveals that you're going to need to do rpm --rebuild --nodeps sendmail.... because the SRPM "requires" a later version of "setup". No guarantees here. Seemed to build ok on my Fedora Core 1 box here but I can't test it as it is a production box. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Roger Jochem > Sent: 01 February 2006 10:57 > To: MailScanner discussion > Subject: Re: sendmail greet_pause feature > > I will try that... > > Thanks... > > ----- Original Message ----- > From: "Randal, Phil" > To: "MailScanner discussion" > Sent: Wednesday, February 01, 2006 8:49 AM > Subject: RE: sendmail greet_pause feature > > > > You could always try grabbing the Centos 4.2 sendmail 8.13 > source RPM > > and rebuilding: > > > > rpm --rebuild > > > http://anorien.csc.warwick.ac.uk/mirrors/centos/4.2/os/SRPMS/s > endmail-8. > > 13.1-2.src.rpm > > > > for example, and then installing (and reconfiguring as necessary). > > > > Cheers, > > > > Phil > > > > ---- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> Of Roger Jochem > >> Sent: 01 February 2006 10:26 > >> To: MailScanner discussion > >> Subject: Re: sendmail greet_pause feature > >> > >> I'm using the rpm version of sendmail in my centos-3 box > >> (sendmail 8.12) and I would like to upgrade to sendmail 8.13 > >> to use this feature, that seems really great. Is there some > >> problem I should be aware, or the tar.gz version found at > >> sendmail.org would work fine on my machine? Anyone using 8.13 at > >> centos-3 or some similar OS? > >> > >> Regards > >> > >> Roger Jochem > >> > >> ----- Original Message ----- > >> From: "Anders Andersson, IT" > >> To: "MailScanner discussion" > >> Sent: Wednesday, February 01, 2006 8:01 AM > >> Subject: RE: sendmail greet_pause feature > >> > >> > >> >> -----Original Message----- > >> >> From: mailscanner-bounces@lists.mailscanner.info > >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> >> Of Jim Holland > >> >> Sent: Wednesday, February 01, 2006 9:12 AM > >> >> To: MailScanner mailing list > >> >> Subject: OT: sendmail greet_pause feature > >> >> > >> >> Perhaps other sendmail users know all about this, but I have > >> >> only looked at it for the first time. > >> >> > >> >> I run sendmail 8.13.1 and have decided to implement the > >> >> greet_pause feature for the first time (after seeing that it > >> >> is a default option in Debian installations). This requires > >> >> a specified delay after connection, which can be network > >> >> specific, before a client system is allowed to send any SMTP > >> >> commands. Any client that breaks normal SMTP protocols by > >> >> trying to force commands before receiving the go-ahead is > >> >> immediately disconnected. This seems to distinguish very > >> >> successfully between genuine mailers and spammers/viruses > >> >> that are not RFC-compliant. > >> >> > >> >> Using a 5 second delay I have found that the system has > >> >> blocked over 3200 connections in the first 24 hours I used > >> >> it. The client systems were all typical of spammers, with > >> >> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR > >> >> record at all. I found only four systems in the blocked > >> >> group that looked as if they were genuine. On further > >> >> investigation I found that earlier log records for some of > >> >> those sites indicated behaviour typical of virus infections > >> >> in any case. > >> > > >> > I second that, thoguh I raised mine to 25 sec just for the > >> fun of it. I > >> > started low but raised it by 5 sec eeverytime and its > been running > >> > smooth. So far no one complained and the ones we have a great > >> > mailexchange with been added to acces list > >> > > >> > /Anders > >> > > >> >> > >> >> To implement the feature: > >> >> > >> >> Add the following to the sendmail.mc file: > >> >> > >> >> FEATURE(`greet_pause', `5000')dnl 5 seconds > >> >> > >> >> Rebuild sendmail and restart MailScanner: > >> >> > >> >> m4 < sendmail.mc > sendmail.cf > >> >> service MailScanner restart > >> >> > >> >> Then specific entries for client hostname, domain, IP address > >> >> or subnet can be put in the access file: > >> >> > >> >> GreetPause:my.domain 0 > >> >> GreetPause:example.com 5000 > >> >> GreetPause:10.1.2 2000 > >> >> GreetPause:127.0.0.1 0 > >> >> > >> >> Definitely worth a look I would say, as it blocks large > >> >> numbers of spammers before they are allowed to send any data, > >> >> with very low risk of blocking genuine systems. It even > >> >> seems to allow genuine mail from infected systems to be > >> >> accepted while blocking viruses from those same systems > >> >> before the DATA phase - as many viruses seem to behave rather > >> >> impolitely :-) > >> >> > >> >> Regards > >> >> > >> >> Jim Holland > >> >> System Administrator > >> >> MANGO - Zimbabwe's non-profit e-mail service > >> > -- > >> > MailScanner mailing list > >> > MailScanner@lists.mailscanner.info > >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > > >> > Before posting, read http://wiki.mailscanner.info/posting > >> > > >> > Support MailScanner development - buy the book off the website! > >> > >> -- > >> MailScanner mailing list > >> MailScanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > -- > > MailScanner mailing list > > MailScanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From C.P.Mills at cranfield.ac.uk Wed Feb 1 11:46:47 2006 From: C.P.Mills at cranfield.ac.uk (Mills Mr C P) Date: Wed Feb 1 11:48:11 2006 Subject: Notifying users of password protected files being blocked Message-ID: <8612FDC208266E419168366E1D2E3B797B0FD1@CranfieldMail.shrivenham.cranfield.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3094 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/30f05abb/smime.bin From oliver at linux-kernel.at Wed Feb 1 11:50:15 2006 From: oliver at linux-kernel.at (Oliver Falk) Date: Wed Feb 1 11:50:17 2006 Subject: sendmail greet_pause feature In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580B0D364D@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580B0D364D@isabella.herefordshire.gov.uk> Message-ID: <43E0A077.8070906@linux-kernel.at> On 02/01/2006 11:49 AM, Randal, Phil wrote: > You could always try grabbing the Centos 4.2 sendmail 8.13 source RPM > and rebuilding: > > rpm --rebuild > http://anorien.csc.warwick.ac.uk/mirrors/centos/4.2/os/SRPMS/sendmail-8. > 13.1-2.src.rpm > > for example, and then installing (and reconfiguring as necessary). Go to http://rpms.linux-kernel.at/ and search for sendmail. You'll find srpms that will work fine with CentOS and you'll also find rpms for CentOS 3 and 4.1. Best, Oliver > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Roger Jochem >> Sent: 01 February 2006 10:26 >> To: MailScanner discussion >> Subject: Re: sendmail greet_pause feature >> >> I'm using the rpm version of sendmail in my centos-3 box >> (sendmail 8.12) and I would like to upgrade to sendmail 8.13 >> to use this feature, that seems really great. Is there some >> problem I should be aware, or the tar.gz version found at >> sendmail.org would work fine on my machine? Anyone using 8.13 at >> centos-3 or some similar OS? >> >> Regards >> >> Roger Jochem >> >> ----- Original Message ----- >> From: "Anders Andersson, IT" >> To: "MailScanner discussion" >> Sent: Wednesday, February 01, 2006 8:01 AM >> Subject: RE: sendmail greet_pause feature >> >> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>> Of Jim Holland >>>> Sent: Wednesday, February 01, 2006 9:12 AM >>>> To: MailScanner mailing list >>>> Subject: OT: sendmail greet_pause feature >>>> >>>> Perhaps other sendmail users know all about this, but I have >>>> only looked at it for the first time. >>>> >>>> I run sendmail 8.13.1 and have decided to implement the >>>> greet_pause feature for the first time (after seeing that it >>>> is a default option in Debian installations). This requires >>>> a specified delay after connection, which can be network >>>> specific, before a client system is allowed to send any SMTP >>>> commands. Any client that breaks normal SMTP protocols by >>>> trying to force commands before receiving the go-ahead is >>>> immediately disconnected. This seems to distinguish very >>>> successfully between genuine mailers and spammers/viruses >>>> that are not RFC-compliant. >>>> >>>> Using a 5 second delay I have found that the system has >>>> blocked over 3200 connections in the first 24 hours I used >>>> it. The client systems were all typical of spammers, with >>>> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR >>>> record at all. I found only four systems in the blocked >>>> group that looked as if they were genuine. On further >>>> investigation I found that earlier log records for some of >>>> those sites indicated behaviour typical of virus infections >>>> in any case. >>> I second that, thoguh I raised mine to 25 sec just for the >> fun of it. I >>> started low but raised it by 5 sec eeverytime and its been running >>> smooth. So far no one complained and the ones we have a great >>> mailexchange with been added to acces list >>> >>> /Anders >>> >>>> To implement the feature: >>>> >>>> Add the following to the sendmail.mc file: >>>> >>>> FEATURE(`greet_pause', `5000')dnl 5 seconds >>>> >>>> Rebuild sendmail and restart MailScanner: >>>> >>>> m4 < sendmail.mc > sendmail.cf >>>> service MailScanner restart >>>> >>>> Then specific entries for client hostname, domain, IP address >>>> or subnet can be put in the access file: >>>> >>>> GreetPause:my.domain 0 >>>> GreetPause:example.com 5000 >>>> GreetPause:10.1.2 2000 >>>> GreetPause:127.0.0.1 0 >>>> >>>> Definitely worth a look I would say, as it blocks large >>>> numbers of spammers before they are allowed to send any data, >>>> with very low risk of blocking genuine systems. It even >>>> seems to allow genuine mail from infected systems to be >>>> accepted while blocking viruses from those same systems >>>> before the DATA phase - as many viruses seem to behave rather >>>> impolitely :-) >>>> >>>> Regards >>>> >>>> Jim Holland >>>> System Administrator >>>> MANGO - Zimbabwe's non-profit e-mail service >>> -- >>> MailScanner mailing list >>> MailScanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> -- >> MailScanner mailing list >> MailScanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> From sujithe at cdacb.ernet.in Wed Feb 1 11:40:33 2006 From: sujithe at cdacb.ernet.in (Sujith Emmanuel) Date: Wed Feb 1 11:59:27 2006 Subject: Installed MS 4.50 stable successfully Message-ID: <005201c62724$5008fcb0$283da8c0@cdacb.ernet.in> Dear all, I got to install the latest stable version MS 4.50 successfully on my RHEL 4 box. It is working fine and a lot faster than the earlier stable version. Kudos. When I run the new feature i.e. /usr/sbin/MailScanner -lint I don't get the virus scanners results correct. I had installed the clamAV+SA easy installation package from the site. But the result only shows bitdefender as given below. Read 700 hostnames from the phishing whitelist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Checking SpamAssassin errors (if you use it), this may take some time... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamavmodule bitdefender" Found these virus scanners installed: bitdefender Sysinfo: Sendmail is the default that comes with EL 4. Running on Linux imss.cdacb.ernet.in 2.6.9-5.EL #1 Wed Jan 5 19:22:18 EST 2005 i686 i686 i386 GNU/Linux This is Red Hat Enterprise Linux AS release 4 (Nahant) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.50.14 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.810 DB_File 1.11 DBD::SQLite 1.50 DBI 1.08 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI I had got a lot of conflict errors while installing MS for some perl modules. And one more thing, is Test::Pod necessary for the working? Thanks and regards Sujith Emmanuel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/0e6e0543/attachment-0001.html From sujithem at cdacb.ernet.in Wed Feb 1 12:00:55 2006 From: sujithem at cdacb.ernet.in (Sujith Emmanuel) Date: Wed Feb 1 11:59:58 2006 Subject: Installed MS 4.50 stable successfully Message-ID: <005d01c62727$280ce7a0$283da8c0@cdacb.ernet.in> Dear all, I got to upgrade to the latest stable version MS 4.50 successfully on my RHEL 4 box. It is working fine and a lot faster than the earlier stable version. Kudos. When I run the new feature i.e. /usr/sbin/MailScanner -lint I don't get the virus scanners results correct. I had installed the clamAV+SA easy installation package from the site. But the result only shows bitdefender as given below. Read 700 hostnames from the phishing whitelist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Checking SpamAssassin errors (if you use it), this may take some time... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamavmodule bitdefender" Found these virus scanners installed: bitdefender Sysinfo: Sendmail is the default that comes with EL 4. Running on Linux imss.cdacb.ernet.in 2.6.9-5.EL #1 Wed Jan 5 19:22:18 EST 2005 i686 i686 i386 GNU/Linux This is Red Hat Enterprise Linux AS release 4 (Nahant) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.50.14 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.810 DB_File 1.11 DBD::SQLite 1.50 DBI 1.08 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI I had got a lot of conflict errors while installing MS for some perl modules. And one more thing, is Test::Pod necessary for the working? Thanks and regards Sujith Emmanuel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/14015bf2/attachment.html From MailScanner at ecs.soton.ac.uk Wed Feb 1 12:11:13 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 12:11:23 2006 Subject: Installed MS 4.50 stable successfully In-Reply-To: <005d01c62727$280ce7a0$283da8c0@cdacb.ernet.in> References: <005d01c62727$280ce7a0$283da8c0@cdacb.ernet.in> Message-ID: <91931DE3-5411-43F4-8715-C6BCA85C17C5@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 487 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/583886ec/PGP.bin From prandal at herefordshire.gov.uk Wed Feb 1 12:14:00 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Feb 1 12:14:17 2006 Subject: Installed MS 4.50 stable successfully Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B0D367C@isabella.herefordshire.gov.uk> Is ClamAVModule actually catching anything on that box? Was it before the update? Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Sujith Emmanuel Sent: 01 February 2006 11:41 To: mailscanner@lists.mailscanner.info Subject: Installed MS 4.50 stable successfully Dear all, I got to install the latest stable version MS 4.50 successfully on my RHEL 4 box. It is working fine and a lot faster than the earlier stable version. Kudos. When I run the new feature i.e. /usr/sbin/MailScanner -lint I don't get the virus scanners results correct. I had installed the clamAV+SA easy installation package from the site. But the result only shows bitdefender as given below. Read 700 hostnames from the phishing whitelist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Checking SpamAssassin errors (if you use it), this may take some time... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamavmodule bitdefender" Found these virus scanners installed: bitdefender Sysinfo: Sendmail is the default that comes with EL 4. Running on Linux imss.cdacb.ernet.in 2.6.9-5.EL #1 Wed Jan 5 19:22:18 EST 2005 i686 i686 i386 GNU/Linux This is Red Hat Enterprise Linux AS release 4 (Nahant) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.50.14 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.810 DB_File 1.11 DBD::SQLite 1.50 DBI 1.08 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI I had got a lot of conflict errors while installing MS for some perl modules. And one more thing, is Test::Pod necessary for the working? Thanks and regards Sujith Emmanuel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/f6a60047/attachment.html From sujithem at cdacb.ernet.in Wed Feb 1 12:25:26 2006 From: sujithem at cdacb.ernet.in (Sujith Emmanuel) Date: Wed Feb 1 12:24:29 2006 Subject: Installed MS 4.50 stable successfully In-Reply-To: <91931DE3-5411-43F4-8715-C6BCA85C17C5@ecs.soton.ac.uk> Message-ID: <008001c6272a$955408e0$283da8c0@cdacb.ernet.in> Hello there, Thank you very much. Now the status is correct. Read 700 hostnames from the phishing whitelist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Checking SpamAssassin errors (if you use it), this may take some time... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamavmodule bitdefender" Found these virus scanners installed: bitdefender, clamavmodule Thanks again, I didn't know I had a problem till now. Regards, Sujith Emmanuel _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, February 01, 2006 5:41 PM To: MailScanner discussion Subject: Re: Installed MS 4.50 stable successfully On 1 Feb 2006, at 12:00, Sujith Emmanuel wrote: When I run the new feature i.e. /usr/sbin/MailScanner -lint I don't get the virus scanners results correct. I had installed the clamAV+SA easy installation package from the site. But the result only shows bitdefender as given below. Read 700 hostnames from the phishing whitelist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Checking SpamAssassin errors (if you use it), this may take some time... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamavmodule bitdefender" Found these virus scanners installed: bitdefender You need to have clamav correctly installed for clamavmodule to report its presence. Check your clamav line in /etc/MailScanner/virus.scanners.conf. If this is not correct then virus signature updates may cause you scanning problems. Do "which clamscan". If this says /usr/local/bin/clamscan then you need to put /usr/local at the end of the clamav line in virus.scanners.conf. Sysinfo: Sendmail is the default that comes with EL 4. Running on Linux imss.cdacb.ernet.in 2.6.9-5.EL #1 Wed Jan 5 19:22:18 EST 2005 i686 i686 i386 GNU/Linux This is Red Hat Enterprise Linux AS release 4 (Nahant) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.50.14 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/c5237116/attachment.html From support-lists at petdoctors.co.uk Wed Feb 1 12:30:10 2006 From: support-lists at petdoctors.co.uk (Nigel kendrick) Date: Wed Feb 1 12:30:44 2006 Subject: MailScanner ANNOUNCE: 4.50 released In-Reply-To: <940603D9-0CFD-4E02-BB91-1F7AD9E48118@ecs.soton.ac.uk> Message-ID: <00ce01c6272b$42124b50$1465a8c0@support01> All seems hunky dory on CentOS 4 (RHEL4) - much faster - Thanks again for all your hard work on this. Nigel Kendrick From xterm1 at Tatorz.com Wed Feb 1 12:32:31 2006 From: xterm1 at Tatorz.com (Xterm1) Date: Wed Feb 1 12:31:35 2006 Subject: SpamAssassin.cache.db Question. Message-ID: List, I have my version of MailScanner "4.50.14-1" running on CentOS 4.2. I was wondering about the effect of running /var/spool/MailScanner/incoming in a tmpfs file system according to this link... http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html Reason I ask is, the new setting for the db file for spamassassin is here.. /var/spool/MailScanner/incoming/SpamAssassin.cache.db . Any thoughts or comments? Brian From res at ausics.net Wed Feb 1 12:34:21 2006 From: res at ausics.net (Res) Date: Wed Feb 1 12:34:30 2006 Subject: MailScanner ANNOUNCE: 4.50 released In-Reply-To: <00ce01c6272b$42124b50$1465a8c0@support01> References: <00ce01c6272b$42124b50$1465a8c0@support01> Message-ID: One thing, its now logging speed... MailScanner[4790]: Batch processed in 0.65 seconds I have always had... Log Speed = no hiccup? On Wed, 1 Feb 2006, Nigel kendrick wrote: > All seems hunky dory on CentOS 4 (RHEL4) - much faster - Thanks again for > all your hard work on this. > > Nigel Kendrick > > > -- Cheers Res From jaearick at colby.edu Wed Feb 1 12:37:58 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Feb 1 12:38:05 2006 Subject: MailScanner ANNOUNCE: 4.50 released In-Reply-To: References: <00ce01c6272b$42124b50$1465a8c0@support01> Message-ID: That's a feature I asked for back in November and Julian has kindly implemented. You get it even if log speed is no. Useful for tracking stats on how fast batches move thru your system. Jeff Earickson Colby College On Wed, 1 Feb 2006, Res wrote: > Date: Wed, 1 Feb 2006 22:34:21 +1000 (EST) > From: Res > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: RE: MailScanner ANNOUNCE: 4.50 released > > One thing, its now logging speed... > > MailScanner[4790]: Batch processed in 0.65 seconds > > I have always had... Log Speed = no > > hiccup? > > > > On Wed, 1 Feb 2006, Nigel kendrick wrote: > >> All seems hunky dory on CentOS 4 (RHEL4) - much faster - Thanks again for >> all your hard work on this. >> >> Nigel Kendrick >> >> >> > > -- > Cheers > Res > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From res at ausics.net Wed Feb 1 13:09:37 2006 From: res at ausics.net (Res) Date: Wed Feb 1 13:09:47 2006 Subject: MailScanner ANNOUNCE: 4.50 released In-Reply-To: References: <00ce01c6272b$42124b50$1465a8c0@support01> Message-ID: On Wed, 1 Feb 2006, Jeff A. Earickson wrote: > That's a feature I asked for back in November and Julian has kindly > implemented. You get it even if log speed is no. Useful for tracking > stats on how fast batches move thru your system. ok well how about those of us that do NOT want it those whos logs grow 100 megs a day dont need an extra 10K lines I'm sure i'm not alone when I ask the thet log speed = no actually is a no logging. > > Jeff Earickson > Colby College > > On Wed, 1 Feb 2006, Res wrote: > >> Date: Wed, 1 Feb 2006 22:34:21 +1000 (EST) >> From: Res >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: RE: MailScanner ANNOUNCE: 4.50 released >> >> One thing, its now logging speed... >> >> MailScanner[4790]: Batch processed in 0.65 seconds >> >> I have always had... Log Speed = no >> >> hiccup? >> >> >> >> On Wed, 1 Feb 2006, Nigel kendrick wrote: >> >>> All seems hunky dory on CentOS 4 (RHEL4) - much faster - Thanks again for >>> all your hard work on this. >>> >>> Nigel Kendrick >>> >>> >>> >> >> -- >> Cheers >> Res >> -- >> MailScanner mailing list >> MailScanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- Cheers Res From padma at eis.iisc.ernet.in Wed Feb 1 13:00:59 2006 From: padma at eis.iisc.ernet.in (padma@eis.iisc.ernet.in) Date: Wed Feb 1 13:11:31 2006 Subject: MailScanner+SPamAssassin Message-ID: Hi! The following are the headers from which it is very clear that Mailscanner and Spamassassin are Working together, but I really doubt whether it is catching spam because as such if only spamassassin is running with sendmail then the very occurrence of the word GTUBE must have trigerred spamassassin. From: padma@daisy.iisc.ernet.in Message-Id: <200601301104.k0UB4SXI004163@daisy.iisc.ernet.in> MIME-Version: 1.0 X-Daisy-MailScanner-Information: Please contact the ISP for more information X-Daisy-MailScanner: Found to be clean X-Daisy-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.072, required 5, autolearn=not spam, ALL_TRUSTED -2.82, MISSING_SUBJECT 1.57, NO_REAL_NAME 0.18) X-Daisy-MailScanner-From: padma@daisy.iisc.ernet.in X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on daisy.iisc.ernet.in X-Spam-Level: X-Spam-Status: No, score=-1.1 required=5.0 tests=ALL_TRUSTED,MISSING_SUBJECT, NO_REAL_NAME autolearn=ham version=3.0.4 GTUBE test -- Regards Padma ERNET Helpdesk From prandal at herefordshire.gov.uk Wed Feb 1 13:14:05 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Feb 1 13:14:22 2006 Subject: SpamAssassin.cache.db Question. Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B0D369F@isabella.herefordshire.gov.uk> There's a performance gain unless you're really short of RAM and using tmpfs forces stuff into swap. Current db size here is: -rw------- 1 root root 3154944 Feb 1 13:02 SpamAssassin.cache.db so it's not exactly huge. Oldest data in the cache is 55 hours old. The only downside is that you lose the cache on reboot. It will get rebuilt, so that's no disaster. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Xterm1 > Sent: 01 February 2006 12:33 > To: MailScanner discussion > Subject: SpamAssassin.cache.db Question. > > > > List, > > I have my version of MailScanner "4.50.14-1" running on > CentOS 4.2. I was wondering about the effect of running > /var/spool/MailScanner/incoming in a tmpfs file system > according to this link... > > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html > > > Reason I ask is, the new setting for the db file for > spamassassin is here.. > /var/spool/MailScanner/incoming/SpamAssassin.cache.db . > > Any thoughts or comments? > > Brian > From martelm at quark.vsc.edu Wed Feb 1 13:14:32 2006 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Wed Feb 1 13:14:39 2006 Subject: SpamAssassin.cache.db Question. In-Reply-To: References: Message-ID: <28E791D8FE56C342CD17047B@sherlockholmes.local> --On February 1, 2006 7:32:31 AM -0500 Xterm1 wrote: > Reason I ask is, the new setting for the db file for spamassassin > is here.. /var/spool/MailScanner/incoming/SpamAssassin.cache.db . Yup. What are you looking for for comments ? Julian commented on this before. He had to put it somewhere that he knew MailScanner would be able to write to. I'm sure there's a configuration setting to change where it lives. Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From DougHall at sankyo.co.uk Wed Feb 1 13:19:25 2006 From: DougHall at sankyo.co.uk (Doug Hall) Date: Wed Feb 1 13:19:38 2006 Subject: Integration with QMail! Message-ID: <38422649D9FDBE42A238BD5604D203201FE849@wellington.sankyouk.local> Can anyone point me in the right direction for integrating MS with QMail, (if possible) Thanks Doug Hall IT Consultant Sankyo Pharma UK Ltd +44 (0) 1494 737139 +44 (0) 1494 766557 DougHall@Sankyo.co.uk ---------------------- This email including attachment/s is COMPANY CONFIDENTIAL and may contain PROPRIETARY or LEGALLY privileged information. It is intended only for use of the addressee(s). If an addressing or transmission error has misdirected this email, please notify the author by replying to this email. The contents of this e-mail are the views and opinions of the author only. If you are not the addressee or an intended recipient, you must not print, copy, amend, distribute or disclose it to anyone else or rely on the contents of this message, and you should permanently DELETE it. SANKYO PHARMA UK LTD does not accept responsibility for any unauthorised amendment which may be made to the contents of this e-mail following its dispatch. We make every effort to keep our network free from viruses. However, you need to check this email and any attachments for viruses as we can take no responsibility for any computer virus which may be transferred by this email. In any event the contents of this email shall be governed by the laws of England. From shuttlebox at gmail.com Wed Feb 1 13:21:54 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Feb 1 13:21:57 2006 Subject: MailScanner+SPamAssassin In-Reply-To: References: Message-ID: <625385e30602010521k64300a30se6b5f46320722651@mail.gmail.com> On 2/1/06, padma@eis.iisc.ernet.in wrote: > > > Hi! > > The following are the headers from which it is very clear that Mailscanner > and Spamassassin are Working together, but I really doubt whether it is > catching spam because as such if only spamassassin is running with > sendmail then the very occurrence of the word GTUBE must have trigerred > spamassassin. > > > From: padma@daisy.iisc.ernet.in > Message-Id: <200601301104.k0UB4SXI004163@daisy.iisc.ernet.in> > MIME-Version: 1.0 > X-Daisy-MailScanner-Information: Please contact the ISP for more > information > X-Daisy-MailScanner: Found to be clean > X-Daisy-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.072, > required 5, autolearn=not spam, ALL_TRUSTED -2.82, > MISSING_SUBJECT 1.57, NO_REAL_NAME 0.18) > X-Daisy-MailScanner-From: padma@daisy.iisc.ernet.in > X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on > daisy.iisc.ernet.in > X-Spam-Level: > X-Spam-Status: No, score=-1.1 required=5.0 > tests=ALL_TRUSTED,MISSING_SUBJECT, > NO_REAL_NAME autolearn=ham version=3.0.4 > > GTUBE > test > The GTUBE test is not the word itself. Go to the SpamAssassin site to see what string to use, for obvious reasons I can't post it here. :-) -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/0ec6cb88/attachment.html From padma at eis.iisc.ernet.in Wed Feb 1 13:32:15 2006 From: padma at eis.iisc.ernet.in (padma@eis.iisc.ernet.in) Date: Wed Feb 1 13:42:55 2006 Subject: MailScanner+SPamAssassin In-Reply-To: <625385e30602010521k64300a30se6b5f46320722651@mail.gmail.com> References: <625385e30602010521k64300a30se6b5f46320722651@mail.gmail.com> Message-ID: Thanks a lot!!!! I just overlooked that!!!! Regards Padma From xterm1 at Tatorz.com Wed Feb 1 13:57:26 2006 From: xterm1 at Tatorz.com (Xterm1) Date: Wed Feb 1 13:57:18 2006 Subject: SpamAssassin.cache.db Question. In-Reply-To: <28E791D8FE56C342CD17047B@sherlockholmes.local> Message-ID: -----Original Message----- Subject: Re: SpamAssassin.cache.db Question. --On February 1, 2006 7:32:31 AM -0500 Xterm1 wrote: > Reason I ask is, the new setting for the db file for spamassassin > is here.. /var/spool/MailScanner/incoming/SpamAssassin.cache.db . Yup. What are you looking for for comments ? Julian commented on this before. He had to put it somewhere that he knew MailScanner would be able to write to. I'm sure there's a configuration setting to change where it lives. Michael -- I just wanted to see if moving it would be of a necessity or not. being that on Power Loss/Reboot it would be lost. I was just looking for users own personal thoughts on the setting. Thanks Brian From MailScanner at ecs.soton.ac.uk Wed Feb 1 14:01:07 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 14:01:17 2006 Subject: MailScanner ANNOUNCE: 4.50 released In-Reply-To: References: <00ce01c6272b$42124b50$1465a8c0@support01> Message-ID: <42A0BBEB-A29D-43E5-90EF-51486DF90B0E@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 1 Feb 2006, at 13:09, Res wrote: > > On Wed, 1 Feb 2006, Jeff A. Earickson wrote: > >> That's a feature I asked for back in November and Julian has kindly >> implemented. You get it even if log speed is no. Useful for >> tracking >> stats on how fast batches move thru your system. > > ok well how about those of us that do NOT want it > those whos logs grow 100 megs a day dont need an extra 10K lines > > I'm sure i'm not alone when I ask the thet log speed = no actually > is a no logging. It's 1 line per batch of messages. If you don't like it feel free to change it. :-) I like it, it's a very handy indicator that MailScanner is working at full speed. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+C/Jvw32o+k+q+hAQEVNggArhNuLK/JO1cUt37U6aAZpFm2UnioukYJ NrQpuoZpni+0ChrEX7O3Vs95ORuv4IS3gHoTV8LPK2phrdPTD86JOpC66xwGwUuE Uet6uDqA0Pk/rCWKcPDkgmj0XiD7KFHsWzt1jcSnQ165v1rhhFgq4nSnOAPYhz1H iNnguEV4zgMWNeLeHtTlNHYjauVqWctNmgMSdAEFLIRPH30i3Y1/pep2tgxTA1jQ woS0yGXGmVT1tKvBblftj37/sW0GOhZwV3zY11Tb/+ttpQeFAO5emWtKupy6tccR X23RVagTPCl8YcaiV4/sKYrT+fCnvPeIqAd0RxJvNF9tIqLzQC73UA== =M1iW -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 1 14:05:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 14:06:06 2006 Subject: SpamAssassin.cache.db Question. In-Reply-To: <28E791D8FE56C342CD17047B@sherlockholmes.local> References: <28E791D8FE56C342CD17047B@sherlockholmes.local> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 1 Feb 2006, at 13:14, Michael H. Martel wrote: > --On February 1, 2006 7:32:31 AM -0500 Xterm1 > wrote: > >> Reason I ask is, the new setting for the db file for spamassassin >> is here.. /var/spool/MailScanner/incoming/SpamAssassin.cache.db . Yes, if you use tmpfs for the directory then it will get lost at reboot. Its contents will be rebuilt in the first few minutes of operation anyway, so it's no great loss. And forcing you to start afresh once every few months when your server is rebooted forces any fragmentation issues in the database file to be scrapped. So it's actually quite a good idea. > > Yup. What are you looking for for comments ? Julian commented on > this before. He had to put it somewhere that he knew MailScanner > would be able to write to. > > I'm sure there's a configuration setting to change where it lives. Yes, there is. You could easily move it to /var/tmp if you prefer. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+DAR/w32o+k+q+hAQEaCAf/aX9B+wHe7FoxOARYG0zvond+Gjccj7kE posZ89GDA/6hLeUfqd1ouBXXA0grSSSqr2yJxo94ZRuyfTMlygMJcwAu9LiyCH1t +lvrbu7hlsyNaIS0ErAsGuiSj5rFcPR48qgtxcWBG9OM9Psy/Tb5cTBSHdoMWY0C I4eZ4UhcgCyTlYWIJCSeQb4FaCrqHkwWF8bdw95OWAMf9sWeFs6J7/kG7cVdAoJ9 VTHbtIDAT+Mr9M4zQfX7bWx0z2qt3o3RoRfemU5QCbHh2afTPCaaFtpdUAn+/GvS b1ohTdJuxOzICfobnLaq2eacK0d9lW/s9SvKBy1X1C6Fody5em1f3w== =bEVq -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 1 14:07:46 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 14:08:09 2006 Subject: MailScanner+SPamAssassin In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 1 Feb 2006, at 13:00, padma@eis.iisc.ernet.in wrote: > > Hi! > > The following are the headers from which it is very clear that > Mailscanner and Spamassassin are Working together, but I really > doubt whether it is catching spam because as such if only > spamassassin is running with sendmail then the very occurrence of > the word GTUBE must have trigerred spamassassin. > > > From: padma@daisy.iisc.ernet.in > Message-Id: <200601301104.k0UB4SXI004163@daisy.iisc.ernet.in> > MIME-Version: 1.0 > X-Daisy-MailScanner-Information: Please contact the ISP for more > information > X-Daisy-MailScanner: Found to be clean > X-Daisy-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.072, > required 5, autolearn=not spam, ALL_TRUSTED -2.82, > MISSING_SUBJECT 1.57, NO_REAL_NAME 0.18) > X-Daisy-MailScanner-From: padma@daisy.iisc.ernet.in > X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on > daisy.iisc.ernet.in > X-Spam-Level: > X-Spam-Status: No, score=-1.1 required=5.0 > tests=ALL_TRUSTED,MISSING_SUBJECT, > NO_REAL_NAME autolearn=ham version=3.0.4 You are running SpamAssassin from outside MailScanner. You have a sendmail milter or a procmail script running SpamAssassin, these headers were not generated by MailScanner. I advise you fix your setup, as it will work considerably faster if you do. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+DAtvw32o+k+q+hAQGqAgf/f61r2DTS8lidrw14lNSqJXb0YvfIuem0 qrbg1hFDBZB8ik+rRD5TlmEOO35nxH/4erP1PnX91t6DPehP3Xf4BEHosRTdfj0r YtHeUSXcnSNvYBqTvrbk4NI6U4+m1njMP4nI/243viy4DE6HRiKy7YJb5F0CPXCV h87dm89X9VEtPnQWkGXPzMNjv6qAmDCllY0vS17f7umjwy/OU1m8182X5ZwFTHvI eSN6ikQGNmAf/MsEDPvDAwA3UhuJkr3BKbzhcmRSADvsU7PP9fOw6kxEXddrdg9y Z9zBnd+FbfTpMDPCr2mbX/vrLVACrA3fkX3nVL4GidtWUXb91d+6eg== =/QGn -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Wed Feb 1 14:10:02 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 14:10:06 2006 Subject: MailScanner+SPamAssassin In-Reply-To: References: <625385e30602010521k64300a30se6b5f46320722651@mail.gmail.com> Message-ID: <223f97700602010610t1c95c24fj@mail.gmail.com> On 01/02/06, padma@eis.iisc.ernet.in wrote: > > > Thanks a lot!!!! I just overlooked that!!!! > > Regards > Padma You might also be interrested in looking at http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:connexion#gtube_test_message (beware linewraps) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed Feb 1 14:11:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 14:11:48 2006 Subject: Integration with QMail! In-Reply-To: <38422649D9FDBE42A238BD5604D203201FE849@wellington.sankyouk.local> References: <38422649D9FDBE42A238BD5604D203201FE849@wellington.sankyouk.local> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- You need to talk to the Opencomputing guys http://www.openprotect.com/ Google would have found this for you very quickly :-) On 1 Feb 2006, at 13:19, Doug Hall wrote: > Can anyone point me in the right direction for integrating MS with > QMail, (if possible) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+DBnfw32o+k+q+hAQGL7wgAp3EF614jyt3uNSQ/AJ5wGbYgQgqFpjmn FDXWON2EnBwMvOK73zqmgrG/EYYhcdY3Zy/stwLU+zZaWiMgB9h9JuxJkkBESIT/ Li+W1iMUefHfmDOxkJfheDwC2FpL+MH5hHfH7YD5qJatyLzUQutxg/+SzebORAGs mw2FE/YyCk94LU6YR9RVRPHfCGzkTO51JmJMdAbUxLDfLsCcCgIya7s2A0cNnD2V 71b774hmVnWLrD1BL61A2oqX+wdoUGmJ68UZD5TuUt3ehCur8FFXcgMEokPi5k5A eemLxvsB9FdDrfgS4zTmQt+uPXncHV5OiVd4MW0flrNZpLStio5fKg== =E2kk -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From roger at rudnick.com.br Wed Feb 1 14:40:29 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed Feb 1 14:40:41 2006 Subject: sendmail greet_pause feature References: <86144ED6CE5B004DA23E1EAC0B569B580B0D364D@isabella.herefordshire.gov.uk> <43E0A077.8070906@linux-kernel.at> Message-ID: <020401c6273d$7304caa0$0600a8c0@roger> To late... I'm allready upgraded to 8.13 using the sources from Centos 4. But thanks anyway... ----- Original Message ----- From: "Oliver Falk" To: "MailScanner discussion" Sent: Wednesday, February 01, 2006 9:50 AM Subject: Re: sendmail greet_pause feature > On 02/01/2006 11:49 AM, Randal, Phil wrote: >> You could always try grabbing the Centos 4.2 sendmail 8.13 source RPM >> and rebuilding: >> >> rpm --rebuild >> http://anorien.csc.warwick.ac.uk/mirrors/centos/4.2/os/SRPMS/sendmail-8. >> 13.1-2.src.rpm >> >> for example, and then installing (and reconfiguring as necessary). > > Go to http://rpms.linux-kernel.at/ and search for sendmail. You'll find > srpms that will work fine with CentOS and you'll also find rpms for CentOS > 3 and 4.1. > > Best, > Oliver > >> Cheers, >> >> Phil >> >> ---- >> Phil Randal >> Network Engineer >> Herefordshire Council >> Hereford, UK >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Roger >>> Jochem >>> Sent: 01 February 2006 10:26 >>> To: MailScanner discussion >>> Subject: Re: sendmail greet_pause feature >>> >>> I'm using the rpm version of sendmail in my centos-3 box (sendmail 8.12) >>> and I would like to upgrade to sendmail 8.13 to use this feature, that >>> seems really great. Is there some problem I should be aware, or the >>> tar.gz version found at sendmail.org would work fine on my machine? >>> Anyone using 8.13 at >>> centos-3 or some similar OS? >>> >>> Regards >>> >>> Roger Jochem >>> >>> ----- Original Message ----- >>> From: "Anders Andersson, IT" >>> To: "MailScanner discussion" >>> Sent: Wednesday, February 01, 2006 8:01 AM >>> Subject: RE: sendmail greet_pause feature >>> >>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>> Of Jim Holland >>>>> Sent: Wednesday, February 01, 2006 9:12 AM >>>>> To: MailScanner mailing list >>>>> Subject: OT: sendmail greet_pause feature >>>>> >>>>> Perhaps other sendmail users know all about this, but I have >>>>> only looked at it for the first time. >>>>> >>>>> I run sendmail 8.13.1 and have decided to implement the >>>>> greet_pause feature for the first time (after seeing that it >>>>> is a default option in Debian installations). This requires >>>>> a specified delay after connection, which can be network >>>>> specific, before a client system is allowed to send any SMTP >>>>> commands. Any client that breaks normal SMTP protocols by >>>>> trying to force commands before receiving the go-ahead is >>>>> immediately disconnected. This seems to distinguish very >>>>> successfully between genuine mailers and spammers/viruses >>>>> that are not RFC-compliant. >>>>> >>>>> Using a 5 second delay I have found that the system has >>>>> blocked over 3200 connections in the first 24 hours I used >>>>> it. The client systems were all typical of spammers, with >>>>> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR >>>>> record at all. I found only four systems in the blocked >>>>> group that looked as if they were genuine. On further >>>>> investigation I found that earlier log records for some of >>>>> those sites indicated behaviour typical of virus infections >>>>> in any case. >>>> I second that, thoguh I raised mine to 25 sec just for the >>> fun of it. I >>>> started low but raised it by 5 sec eeverytime and its been running >>>> smooth. So far no one complained and the ones we have a great >>>> mailexchange with been added to acces list >>>> >>>> /Anders >>>> >>>>> To implement the feature: >>>>> >>>>> Add the following to the sendmail.mc file: >>>>> >>>>> FEATURE(`greet_pause', `5000')dnl 5 seconds >>>>> >>>>> Rebuild sendmail and restart MailScanner: >>>>> >>>>> m4 < sendmail.mc > sendmail.cf >>>>> service MailScanner restart >>>>> >>>>> Then specific entries for client hostname, domain, IP address >>>>> or subnet can be put in the access file: >>>>> >>>>> GreetPause:my.domain 0 >>>>> GreetPause:example.com 5000 >>>>> GreetPause:10.1.2 2000 >>>>> GreetPause:127.0.0.1 0 >>>>> >>>>> Definitely worth a look I would say, as it blocks large >>>>> numbers of spammers before they are allowed to send any data, >>>>> with very low risk of blocking genuine systems. It even >>>>> seems to allow genuine mail from infected systems to be >>>>> accepted while blocking viruses from those same systems >>>>> before the DATA phase - as many viruses seem to behave rather >>>>> impolitely :-) >>>>> >>>>> Regards >>>>> >>>>> Jim Holland >>>>> System Administrator >>>>> MANGO - Zimbabwe's non-profit e-mail service >>>> -- >>>> MailScanner mailing list >>>> MailScanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> -- >>> MailScanner mailing list >>> MailScanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From roger at rudnick.com.br Wed Feb 1 14:43:28 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed Feb 1 14:43:43 2006 Subject: Number of files on quarantine References: <00ce01c6272b$42124b50$1465a8c0@support01> <42A0BBEB-A29D-43E5-90EF-51486DF90B0E@ecs.soton.ac.uk> Message-ID: <021301c6273d$dd927890$0600a8c0@roger> Another question! I just upgraded Sendmail to 8.13 and MailScanner to the latest stable (4.50.14-1). I noticed in my mailscanner-mrtg page that the number of files / messages on quarantine, that was always something near 509,6 k, dropped to zero and restarted (and is now at 142,3 k). I wonder If that happened because of one the upgrades, and wich one caused that... The directory is still full of files, but the info in mailscanner-mrtg is weird... Regards Roger Jochem From mradzinschi at gmail.com Wed Feb 1 15:30:24 2006 From: mradzinschi at gmail.com (Marco Radzinschi) Date: Wed Feb 1 15:30:28 2006 Subject: Attachment Warnings - End of Line Behavior Changed (CR, LF) In-Reply-To: <6a4915590601301601s5399fd75jabf461d86eaf5d71@mail.gmail.com> References: <6a4915590601301601s5399fd75jabf461d86eaf5d71@mail.gmail.com> Message-ID: <6a4915590602010730t3055651elef164558540cee58@mail.gmail.com> Hello: I noticed that the CR/LF behavior has changed in the newest version of MailScanner (4.49) from DOS (LF only) to Unix-type text files (+) for the generated attachment warnings. I treid removing the excess characters in the report templates myself, but I noticed that the Perl script still appends to the report templates with +, which makes it appear mangled on a GroupWise system running on Windows. I did not see a configuration option for this, so I am assuming that it is hard-coded somewhere in the script, or in one of the external modules that the script uses. Does anyone know how to change this behavior? Thank You, Marco Radzinschi -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/0f70a206/attachment.html From MailScanner at ecs.soton.ac.uk Wed Feb 1 15:42:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 15:42:29 2006 Subject: Attachment Warnings - End of Line Behavior Changed (CR, LF) In-Reply-To: <6a4915590602010730t3055651elef164558540cee58@mail.gmail.com> References: <6a4915590601301601s5399fd75jabf461d86eaf5d71@mail.gmail.com> <6a4915590602010730t3055651elef164558540cee58@mail.gmail.com> Message-ID: <5CE191E7-9FB5-4A17-827A-2460A7A16708@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- If you switch off "Sign Clean Messages" so that the body of the message is totally untouched, it should leave them alone like it used to. This is a major problem which we are working on. On 1 Feb 2006, at 15:30, Marco Radzinschi wrote: > > Hello: > > I noticed that the CR/LF behavior has changed in the newest version > of MailScanner (4.49) from DOS (LF only) to Unix-type text files > (+) for the generated attachment warnings. > > I treid removing the excess characters in the report templates > myself, but I noticed that the Perl script still appends to the > report templates with +, which makes it appear mangled on a > GroupWise system running on Windows. > > I did not see a configuration option for this, so I am assuming > that it is hard-coded somewhere in the script, or in one of the > external modules that the script uses. Does anyone know how to > change this behavior? > > Thank You, > > Marco Radzinschi > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+DW3fw32o+k+q+hAQGlxQgAng0pjrITpKD1baVj4rXxmLr0Y1d+hbOA QUUjlmLORNHBbdrcJrrj0Y1hvV1y44xgwoJK4ER+aDZbA3JG1yHwGp/1LqZEXhyG M9vUojWY0wU0tJZoCMFVxeGGbBWXt1kZDE1mV8EcV4Bpyt+JsHU9BcC1qaGQ+vPo J+3Ep6nQFzAheNcjMi65rgeMKA5D+CLSObv28wbOg66Esbp0EcOG+DMa1cjPfF71 ZbMda/PE38zegYExjWj0oDPC5nG7oN7UN3uYlLUJWNKuXR8kkYWd6fgW8JoYIUfd z1Z1PeGsKeMSvQmEpTB8c0wxRezEqAK7PR9bmRyi8NoZ9cIZpm/acQ== =I0VJ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Wed Feb 1 15:43:11 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Feb 1 15:43:29 2006 Subject: Attachment Warnings - End of Line Behavior Changed (CR, LF) In-Reply-To: <6a4915590602010730t3055651elef164558540cee58@mail.gmail.com> References: <6a4915590601301601s5399fd75jabf461d86eaf5d71@mail.gmail.com> <6a4915590602010730t3055651elef164558540cee58@mail.gmail.com> Message-ID: <43E0D70F.9080804@USherbrooke.ca> Marco Radzinschi wrote: > > Hello: > > I noticed that the CR/LF behavior has changed in the newest version of > MailScanner (4.49) from DOS (LF only) to Unix-type text files > (+) for the generated attachment warnings. DOS = CR+LF, Unix/Linux = LF > > I treid removing the excess characters in the report templates > myself, but I noticed that the Perl script still appends to the report > templates with +, which makes it appear mangled on a GroupWise > system running on Windows. > > I did not see a configuration option for this, so I am assuming that > it is hard-coded somewhere in the script, or in one of the external > modules that the script uses. Does anyone know how to change this > behavior? This has been discussed previously (about 1-2 weeks ago). It is probably a bug in MIME::Tools IIRC. Some people were supposed to talk to the developer to get a fix. Don't know how it turned out... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 From MailScanner at ecs.soton.ac.uk Wed Feb 1 15:54:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 15:54:23 2006 Subject: Thunderbird 1.5 support Message-ID: <6BA4D37A-055B-44DB-A21A-EDA100164C49@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Thunderbird 1.5 has the ability to trust the spam headers generated by SpamAssassin. It uses these headers to automatically put all identified spam into the user's "Junk" mailbox, so the users don't have to write any filters or anything like that. All new installations of MailScanner generate the correct headers for this. If you want to add support for this to your existing MailScanner setup, simply use the "header" Spam Action to generate them for you. Put these into your MailScanner.conf file: Spam Actions = deliver header "X-Spam-Status: Yes" High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" Non Spam Actions = deliver header "X-Spam-Status: No" - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+DZp/w32o+k+q+hAQE2Sgf/alqO2uPYCdbG2U7B+ZdAoyNsiiWrV55s nJj4t0qhEM05ujTRn1AwHDsD14X8RBKc2opM8vv6Dd5I5lVk3z2+VOLCE/bnwRxX ICQ1NQ/vGjIrtj7VwPAroCoZJjbxXqUaJSf0L2ePhPQ50s/Wu+GJbdxSWO44Xa5m EHPbC4o7SU/E0VTynj7Wjy0UKEpTJJBVZ1imw70FFgldlwY31coF7g3qqFwW8XDp M3Za8swbe63oEzuegntsCwj2/hSlW1Pm97sxSildD4Jg/VGGBFwLCHDTlCuyVr0w hXLXiiT83XlxGNq484XSuYQpLVSyUYfiB3PFrnm1lq7y9MU/VPh/oQ== =tl+A -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mradzinschi at gmail.com Wed Feb 1 15:55:17 2006 From: mradzinschi at gmail.com (Marco Radzinschi) Date: Wed Feb 1 15:55:21 2006 Subject: Attachment Warnings - End of Line Behavior Changed (CR, LF) In-Reply-To: <43E0D70F.9080804@USherbrooke.ca> References: <6a4915590601301601s5399fd75jabf461d86eaf5d71@mail.gmail.com> <6a4915590602010730t3055651elef164558540cee58@mail.gmail.com> <43E0D70F.9080804@USherbrooke.ca> Message-ID: <6a4915590602010755p653f0417v2d9e039f45e301a7@mail.gmail.com> I'm so used to doing the following quick fix that I don't even think about it anymore... perl -p -e 's/\n/\r\n/' unixfile.txt dosfile.txt perl -p -e 's/\r$//' dosfile.txt unixfile.txt Thanks for the catch - must not have had enough coffee that day. :-) - Marco On 2/1/06, Denis Beauchemin wrote: > > Marco Radzinschi wrote: > > > > > Hello: > > > > I noticed that the CR/LF behavior has changed in the newest version of > > MailScanner (4.49) from DOS (LF only) to Unix-type text files > > (+) for the generated attachment warnings. > > DOS = CR+LF, Unix/Linux = LF > > > > > I treid removing the excess characters in the report templates > > myself, but I noticed that the Perl script still appends to the report > > templates with +, which makes it appear mangled on a GroupWise > > system running on Windows. > > > > I did not see a configuration option for this, so I am assuming that > > it is hard-coded somewhere in the script, or in one of the external > > modules that the script uses. Does anyone know how to change this > > behavior? > > This has been discussed previously (about 1-2 weeks ago). It is > probably a bug in MIME::Tools IIRC. Some people were supposed to talk > to the developer to get a fix. Don't know how it turned out... > > Denis > > -- > _ > ?v? Denis Beauchemin, analyste > /(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x2252 F: 819.821.8045 > > > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/7c70b9db/attachment.html From dean.plant at roke.co.uk Wed Feb 1 16:07:40 2006 From: dean.plant at roke.co.uk (Plant, Dean) Date: Wed Feb 1 16:07:51 2006 Subject: sendmail greet_pause feature Message-ID: <2181C5F19DD0254692452BFF3EAF1D6801527A4E@rsys005a.comm.ad.roke.co.uk> Should this be used as a replacement to greylisting or can it be used along side? Dean -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jim Holland Sent: 01 February 2006 08:12 To: MailScanner mailing list Subject: OT: sendmail greet_pause feature Perhaps other sendmail users know all about this, but I have only looked at it for the first time. I run sendmail 8.13.1 and have decided to implement the greet_pause feature for the first time (after seeing that it is a default option in Debian installations). This requires a specified delay after connection, which can be network specific, before a client system is allowed to send any SMTP commands. Any client that breaks normal SMTP protocols by trying to force commands before receiving the go-ahead is immediately disconnected. This seems to distinguish very successfully between genuine mailers and spammers/viruses that are not RFC-compliant. Using a 5 second delay I have found that the system has blocked over 3200 connections in the first 24 hours I used it. The client systems were all typical of spammers, with adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR record at all. I found only four systems in the blocked group that looked as if they were genuine. On further investigation I found that earlier log records for some of those sites indicated behaviour typical of virus infections in any case. To implement the feature: Add the following to the sendmail.mc file: FEATURE(`greet_pause', `5000')dnl 5 seconds Rebuild sendmail and restart MailScanner: m4 < sendmail.mc > sendmail.cf service MailScanner restart Then specific entries for client hostname, domain, IP address or subnet can be put in the access file: GreetPause:my.domain 0 GreetPause:example.com 5000 GreetPause:10.1.2 2000 GreetPause:127.0.0.1 0 Definitely worth a look I would say, as it blocks large numbers of spammers before they are allowed to send any data, with very low risk of blocking genuine systems. It even seems to allow genuine mail from infected systems to be accepted while blocking viruses from those same systems before the DATA phase - as many viruses seem to behave rather impolitely :-) Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service -- MailScanner mailing list MailScanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rmantilla at smi.com.pe Wed Feb 1 16:20:29 2006 From: rmantilla at smi.com.pe (Rafael Mantilla) Date: Wed Feb 1 16:20:41 2006 Subject: sendmail greet_pause feature In-Reply-To: References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> Message-ID: <20060201161203.M49950@smi.com.pe> Julian, i think 'posix' lock type is needed since sendmail 8.12.x not 8.13.x, i'm still using 8.12.6 in one of my servers and i have to change to posix lock type because i have mails been processed twice (same mail id) by mailscanner. Rafael Mantilla ---------- Original Message ----------- From: Julian Field To: MailScanner discussion Sent: Wed, 1 Feb 2006 10:34:44 +0000 Subject: Re: sendmail greet_pause feature > -----BEGIN PGP SIGNED MESSAGE----- > > Don't forget to change MailScanner.conf to > Lock Type = posix > when you upgrade sendmail to 8.13. > > You should be able to find a good RPM of this, so you don't build it > from source and put everything in odd locations. Try http:// > dag.wieers.com/ and search his RPM repository. > > On 1 Feb 2006, at 10:26, Roger Jochem wrote: > > > I'm using the rpm version of sendmail in my centos-3 box (sendmail > > 8.12) and I would like to upgrade to sendmail 8.13 to use this > > feature, that seems really great. Is there some problem I should be > > aware, or the tar.gz version found at sendmail.org would work fine > > on my machine? Anyone using 8.13 at centos-3 or some similar OS? > > > > Regards > > > > Roger Jochem > > ________________________________________________________________________ - El correo electronico de San Miguel Industrial S.A. se utiliza exclusivamente con fines comerciales, cualquier otro uso entra en conflicto con las politicas de la empresa. - San Miguel Industrial S.A. verifica y analiza sus correos electronicos en busca de cualquier virus conocido a la fecha u otro contenido peligroso antes que abandonen sus servidores. From Edge at twu.ca Wed Feb 1 16:26:17 2006 From: Edge at twu.ca (Richard Edge) Date: Wed Feb 1 16:23:58 2006 Subject: ALL_TRUSTED problems Message-ID: -----Original Message----- >> >I'd also STRONGLY suggest running: >> >spamassassin --lint. >> >> >As previously suggested. You should run that EVERY time you edit a >> config file. >> >> Which I always do. No problems reported. >Ok, how about quoting a bit of the begining of "spamassassin --lint -D" here? Just the >part Matt's been asking about... Okay here you go. The --lint -D output from root login: ----------------------- [7789] dbg: ignore: using a test message to lint rules [7789] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [7789] dbg: config: read file /etc/mail/spamassassin/init.pre [7789] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [7789] dbg: config: using "/usr/share/spamassassin" for default rules dir [7789] dbg: config: read file /usr/share/spamassassin/10_misc.cf [7789] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [7789] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf [7789] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [7789] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [7789] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_phrases.cf [7789] dbg: config: read file /usr/share/spamassassin/20_porn.cf [7789] dbg: config: read file /usr/share/spamassassin/20_ratware.cf [7789] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/23_bayes.cf [7789] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf [7789] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf [7789] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf [7789] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf [7789] dbg: config: read file /usr/share/spamassassin/25_dcc.cf [7789] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf [7789] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf [7789] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf [7789] dbg: config: read file /usr/share/spamassassin/25_razor2.cf [7789] dbg: config: read file /usr/share/spamassassin/25_replace.cf [7789] dbg: config: read file /usr/share/spamassassin/25_spf.cf [7789] dbg: config: read file /usr/share/spamassassin/25_textcat.cf [7789] dbg: config: read file /usr/share/spamassassin/25_uribl.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_de.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_it.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf [7789] dbg: config: read file /usr/share/spamassassin/50_scores.cf [7789] dbg: config: read file /usr/share/spamassassin/60_awl.cf [7789] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf [7789] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [7789] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf [7789] dbg: config: using "/etc/mail/spamassassin" for site rules dir [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum1.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum2.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu0.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_spoof.cf [7789] dbg: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf [7789] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf [7789] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf [7789] dbg: config: read file /etc/mail/spamassassin/local.cf [7789] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf ------------------------- >From within MailWatch which I assume would be the same as what MailScanner is close to seeing as it is idential to what I get as the postfix user: ----------- [4409] dbg: ignore: using a test message to lint rules 0.00028 [4409] dbg: config: using "/etc/mail/spamassassin" for site rules pre files 0.00028 [4409] dbg: config: read file /etc/mail/spamassassin/init.pre 0.00028 [4409] dbg: config: using "/usr/share/spamassassin" for sys rules pre files 0.00026 [4409] dbg: config: using "/usr/share/spamassassin" for default rules dir 0.00027 [4409] dbg: config: read file /usr/share/spamassassin/10_misc.cf 0.00028 [4409] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf 0.00028 [4409] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf 0.00027 [4409] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf 0.00027 [4409] dbg: config: read file /usr/share/spamassassin/20_compensate.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf 0.00029 [4409] dbg: config: read file /usr/share/spamassassin/20_drugs.cf 0.00028 [4409] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf 0.00052 [4409] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf 0.00172 [4409] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf 0.00109 [4409] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf 0.00044 [4409] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf 0.00034 [4409] dbg: config: read file /usr/share/spamassassin/20_phrases.cf 0.00092 [4409] dbg: config: read file /usr/share/spamassassin/20_porn.cf 0.00049 [4409] dbg: config: read file /usr/share/spamassassin/20_ratware.cf 0.00086 [4409] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf 0.00066 [4409] dbg: config: read file /usr/share/spamassassin/23_bayes.cf 0.00037 [4409] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf 0.00031 [4409] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf 0.00056 [4409] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf 0.00099 [4409] dbg: config: read file /usr/share/spamassassin/25_dcc.cf 0.00031 [4409] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf 0.00033 [4409] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/25_razor2.cf 0.00029 [4409] dbg: config: read file /usr/share/spamassassin/25_replace.cf 0.00067 [4409] dbg: config: read file /usr/share/spamassassin/25_spf.cf 0.00041 [4409] dbg: config: read file /usr/share/spamassassin/25_textcat.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/25_uribl.cf 0.00044 [4409] dbg: config: read file /usr/share/spamassassin/30_text_de.cf 0.0019 [4409] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf 0.00188 [4409] dbg: config: read file /usr/share/spamassassin/30_text_it.cf 0.00051 [4409] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf 0.00145 [4409] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf 0.00132 [4409] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf 0.00045 [4409] dbg: config: read file /usr/share/spamassassin/50_scores.cf 0.00168 [4409] dbg: config: read file /usr/share/spamassassin/60_awl.cf 0.00048 [4409] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf 0.00044 [4409] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf 0.00043 [4409] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf 0.00033 [4409] dbg: config: using "/etc/mail/spamassassin" for site rules dir 0.00188 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf 0.00153 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf 0.00088 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum1.cf 0.00035 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum2.cf 0.00049 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu0.cf 0.00189 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf 0.00091 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_spoof.cf 0.00105 [4409] dbg: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf 0.00087 [4409] dbg: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf 0.00053 [4409] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf 0.00631 [4409] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf 0.00144 [4409] dbg: config: read file /etc/mail/spamassassin/local.cf 0.00039 [4409] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf 0.00077 [4409] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file 0.00027 [4409] dbg: config: read file /etc/MailScanner/spam.assassin.prefs.conf --------------------- >> >> >> Please use https://helpdesk.twu.ca for all Technical support requests. >> >Really? A relative of mine has these BMC 1300s that consume approximately as much oil as >petrol.... Would the helpdesk handle that >too:-):-) :-) Oops, looks like I used my internal sig. on that message. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology From MailScanner at ecs.soton.ac.uk Wed Feb 1 16:29:57 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 16:30:08 2006 Subject: sendmail greet_pause feature In-Reply-To: <20060201161203.M49950@smi.com.pe> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 needs flock. On 1 Feb 2006, at 16:20, Rafael Mantilla wrote: > Julian, i think 'posix' lock type is needed since sendmail 8.12.x > not 8.13.x, > i'm still using 8.12.6 in one of my servers and i have to change to > posix lock > type because i have mails been processed twice (same mail id) by > mailscanner. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+DiCPw32o+k+q+hAQGsoQgAnm4Qa2w42oU400mqhQHM3VvI9M6uXYkh hn1jz6AckNouSZv+bgD7vLIbH3XBxh1raaXxKTA7t30meKLVO/Cz2bGyR62jS3MY JyN4Lph92jXfHUII+hFs0ThKNozBSegCCqifnRXf2RrsiTHLW5mRoJojwb49z4+k QRtdIiDqbw3cFhl8FqDD2q5OmEbiuDdU4OPSEXeB88HS29u5CtDWp0JHEjhV1AS1 AQ5E0K4SgXhv4/w+Ltst8ghNv5ilB4wCwIxPIV+smvCiQM6rUusHSSEzxLfhwteh kEPObOLLL+4EYidKIfpvUfThgMNp0epzG+T2Df6wqGN12tMFt+u0lA== =R75r -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Wed Feb 1 16:31:06 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Feb 1 16:31:09 2006 Subject: sendmail greet_pause feature In-Reply-To: <2181C5F19DD0254692452BFF3EAF1D6801527A4E@rsys005a.comm.ad.roke.co.uk> References: <2181C5F19DD0254692452BFF3EAF1D6801527A4E@rsys005a.comm.ad.roke.co.uk> Message-ID: <625385e30602010831p53f04fb0ob1ec7a4087b83000@mail.gmail.com> On 2/1/06, Plant, Dean wrote: > > Should this be used as a replacement to greylisting or can it be used > along side? > You can use both if you like. Both assume spammers are in a hurry. :-) -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/273dd387/attachment.html From ssilva at sgvwater.com Wed Feb 1 16:36:41 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Feb 1 16:38:22 2006 Subject: spamassassinprefsfile at line 1377 In-Reply-To: <20060201033002.55454.qmail@web50606.mail.yahoo.com> References: <20060201033002.55454.qmail@web50606.mail.yahoo.com> Message-ID: Devi S spake the following on 1/31/2006 7:30 PM: > > > */Scott Silva /* wrote: > > > > > > Please advice. Thank you. > Is this an upgrade? > Did you run the upgrade_MailScanner_conf script? > I think I didn't do that this time. Julian also advised to do > it. Can I do it now or should I do it only during next upgradation? You can run it now. It is always a good choice to either run it everytime, or if you are good with diff, you can see the changes and incorporate them yourself. The script is MUCH easier. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gregg at gbcomputers.com Wed Feb 1 18:25:12 2006 From: gregg at gbcomputers.com (Gregg Berkholtz) Date: Wed Feb 1 18:25:16 2006 Subject: Cannot install DBI with MS 4.50.14 Message-ID: <20060201182512.GA30959@gbcomputers.com> It appears I cant install DBI as I'm getting the following error after running MailScanner's install.sh on a Debian 3.0 system. Any assistance is greatly appreciated: "... Writing Makefile for DBI /usr/bin/perl "-MExtUtils::Command" -e mkpath blib/lib/DBI rm -f blib/lib/DBI/Changes.pm cp Changes blib/lib/DBI/Changes.pm /usr/bin/perl "-MExtUtils::Command" -e mkpath blib/lib/DBI rm -f blib/lib/DBI/Roadmap.pm cp Roadmap.pod blib/lib/DBI/Roadmap.pm cp Driver_xst.h blib/arch/auto/DBI/Driver_xst.h cp lib/DBI/ProfileDumper.pm blib/lib/DBI/ProfileDumper.pm cp Roadmap.pod blib/lib/Roadmap.pod cp DBIXS.h blib/arch/auto/DBI/DBIXS.h cp lib/DBI/DBD/Metadata.pm blib/lib/DBI/DBD/Metadata.pm cp lib/DBD/NullP.pm blib/lib/DBD/NullP.pm cp dbipport.h blib/arch/auto/DBI/dbipport.h cp dbd_xsh.h blib/arch/auto/DBI/dbd_xsh.h cp lib/DBI/Const/GetInfoReturn.pm blib/lib/DBI/Const/GetInfoReturn.pm cp lib/DBI/Const/GetInfo/ANSI.pm blib/lib/DBI/Const/GetInfo/ANSI.pm cp lib/DBI/PurePerl.pm blib/lib/DBI/PurePerl.pm cp lib/DBI/Profile.pm blib/lib/DBI/Profile.pm cp lib/DBI/SQL/Nano.pm blib/lib/DBI/SQL/Nano.pm cp lib/DBD/File.pm blib/lib/DBD/File.pm cp DBI.pm blib/lib/DBI.pm cp lib/DBD/DBM.pm blib/lib/DBD/DBM.pm cp lib/DBI/FAQ.pm blib/lib/DBI/FAQ.pm cp lib/DBD/ExampleP.pm blib/lib/DBD/ExampleP.pm cp lib/Bundle/DBI.pm blib/lib/Bundle/DBI.pm cp lib/Win32/DBIODBC.pm blib/lib/Win32/DBIODBC.pm cp lib/DBI/W32ODBC.pm blib/lib/DBI/W32ODBC.pm cp dbivport.h blib/arch/auto/DBI/dbivport.h cp lib/DBI/DBD.pm blib/lib/DBI/DBD.pm cp lib/DBI/ProfileData.pm blib/lib/DBI/ProfileData.pm cp lib/DBD/Proxy.pm blib/lib/DBD/Proxy.pm cp lib/DBI/ProxyServer.pm blib/lib/DBI/ProxyServer.pm cp lib/DBI/Const/GetInfoType.pm blib/lib/DBI/Const/GetInfoType.pm cp dbi_sql.h blib/arch/auto/DBI/dbi_sql.h cp lib/DBI/ProfileDumper/Apache.pm blib/lib/DBI/ProfileDumper/Apache.pm cp Driver.xst blib/arch/auto/DBI/Driver.xst cp lib/DBI/Const/GetInfo/ODBC.pm blib/lib/DBI/Const/GetInfo/ODBC.pm cp lib/DBD/Sponge.pm blib/lib/DBD/Sponge.pm /usr/bin/perl -p -e "s/~DRIVER~/Perl/g" ./Driver.xst > Perl.xsi /usr/bin/perl /usr/share/perl/5.6.1/ExtUtils/xsubpp -typemap /usr/share/perl/5.6.1/ExtUtils/typemap -typemap typemap Perl.xs > Perl.xsc && mv Perl.xsc Perl.c cc -c -DDEBIAN -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -DVERSION=\"1.50\" -DXS_VERSION=\"1.50\" -fPIC "-I/usr/lib/perl/5.6.1/CORE" -W -Wall -Wpointer-arith -Wbad-function-cast -Wno-comment -Wno-sign-compare -Wno-cast-qual -DDBI_NO_THREADS Perl.c Perl.xs: In function `dbd_st_rows': Perl.xs:39: warning: unused parameter `h' Perl.c: In function `XS_DBD__Perl__dr_data_sources': Perl.c:84: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db__login': Perl.c:119: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_selectall_arrayref': Perl.c:153: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_do': Perl.c:273: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_last_insert_id': Perl.c:310: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_commit': Perl.c:339: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_rollback': Perl.c:356: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_disconnect': Perl.c:373: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_STORE': Perl.c:406: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_FETCH': Perl.c:428: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_DESTROY': Perl.c:447: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_take_imp_data': Perl.c:506: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st__prepare': Perl.c:568: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_bind_col': Perl.c:620: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_bind_param': Perl.c:671: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_bind_param_inout': Perl.c:713: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_execute': Perl.c:761: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_execute_for_fetch': Perl.c:795: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_fetchall_arrayref': Perl.c:868: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_finish': Perl.c:901: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_blob_read': Perl.c:931: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_STORE': Perl.c:969: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_DESTROY': Perl.c:1013: warning: unused parameter `cv' Perl.c: In function `boot_DBD__Perl': Perl.c:1064: warning: unused parameter `cv' Perl.c: At top level: dbipport.h:529: warning: `my_sv_2pvbyte' defined but not used /usr/bin/perl /usr/share/perl/5.6.1/ExtUtils/xsubpp -typemap /usr/share/perl/5.6.1/ExtUtils/typemap -typemap typemap DBI.xs > DBI.xsc && mv DBI.xsc DBI.c cc -c -DDEBIAN -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -DVERSION=\"1.50\" -DXS_VERSION=\"1.50\" -fPIC "-I/usr/lib/perl/5.6.1/CORE" -W -Wall -Wpointer-arith -Wbad-function-cast -Wno-comment -Wno-sign-compare -Wno-cast-qual -DDBI_NO_THREADS DBI.c DBI.xs: In function `dbih_clearcom': DBI.xs:1183: warning: unused variable `Perl___notused' DBI.xs: In function `dbih_get_fbav': DBI.xs:1332: warning: unused variable `Perl___notused' DBI.xs: In function `dbih_set_attr_k': DBI.xs:1514: warning: unused variable `Perl___notused' DBI.xs:1416: warning: unused variable `Perl___notused' DBI.xs: In function `dbih_get_attr_k': DBI.xs:1654: warning: unused variable `Perl___notused' DBI.xs: In function `log_where': DBI.xs:2081: warning: unused variable `Perl___notused' DBI.xs: In function `XS_DBI_dispatch': DBI.xs:2971: warning: unused variable `Perl___notused' DBI.c: In function `XS_DBI__install_method': DBI.c:3650: warning: unused parameter `cv' DBI.c: In function `XS_DBI_dbi_time': DBI.c:3833: warning: unused parameter `cv' DBI.c: In function `XS_DBD_____db_preparse': DBI.c:3988: warning: unused parameter `cv' DBI.c: At top level: dbipport.h:529: warning: `my_sv_2pvbyte' defined but not used Running Mkbootstrap for DBI () chmod 644 DBI.bs rm -f blib/arch/auto/DBI/DBI.so cc -shared -L/usr/local/lib DBI.o -o blib/arch/auto/DBI/DBI.so \ \ chmod 755 blib/arch/auto/DBI/DBI.so cp DBI.bs blib/arch/auto/DBI/DBI.bs chmod 644 blib/arch/auto/DBI/DBI.bs /usr/bin/perl "-Iblib/arch" "-Iblib/lib" dbiproxy.PL dbiproxy Extracted dbiproxy from dbiproxy.PL with variable substitutions. cp dbiproxy blib/script/dbiproxy /usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/dbiproxy /usr/bin/perl "-Iblib/arch" "-Iblib/lib" dbiprof.PL dbiprof Extracted dbiprof from dbiprof.PL with variable substitutions. cp dbiprof blib/script/dbiprof /usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/dbiprof Manifying blib/man1/dbiproxy.1p Manifying blib/man1/dbiprof.1p Manifying blib/man3/DBI::ProfileDumper.3pm Manifying blib/man3/Roadmap.3pm Manifying blib/man3/DBI::DBD::Metadata.3pm Manifying blib/man3/DBI::Const::GetInfoReturn.3pm Manifying blib/man3/DBI::Const::GetInfo::ANSI.3pm Manifying blib/man3/DBI::PurePerl.3pm Manifying blib/man3/DBI::Profile.3pm Manifying blib/man3/DBI::SQL::Nano.3pm Manifying blib/man3/DBD::File.3pm Manifying blib/man3/DBD::DBM.3pm Manifying blib/man3/DBI.3pm Manifying blib/man3/DBI::FAQ.3pm Manifying blib/man3/Bundle::DBI.3pm Manifying blib/man3/Win32::DBIODBC.3pm Manifying blib/man3/DBI::W32ODBC.3pm Manifying blib/man3/DBI::DBD.3pm Manifying blib/man3/DBI::ProfileData.3pm Manifying blib/man3/DBD::Proxy.3pm Manifying blib/man3/DBI::ProxyServer.3pm Manifying blib/man3/DBI::Const::GetInfoType.3pm Manifying blib/man3/DBI::ProfileDumper::Apache.3pm Manifying blib/man3/DBD::Sponge.3pm Manifying blib/man3/DBI::Const::GetInfo::ODBC.3pm PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/01basics...............ok 4/131 skipped: developer tests t/02dbidrv...............ok t/03handle...............ok t/04mods.................ok t/05thrclone.............skipped all skipped: developer tests t/06attrs................ok t/07kids.................ok t/08keeperr..............ok t/09trace................ok t/10examp................ok t/11fetch................Can't load '/usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so' for module Storable: /usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so: undefined symbol: cast_iv at /usr/lib/perl/5.6.1/DynaLoader.pm line 202. at t/11fetch.t line 8 Compilation failed in require at t/11fetch.t line 8. BEGIN failed--compilation aborted at t/11fetch.t line 8. t/11fetch................dubious Test returned status 255 (wstat 65280, 0xff00) t/14utf8.................skipped all skipped: developer tests t/15array................ok t/20meta.................ok t/30subclass.............ok t/40profile..............ok t/41prof_dump............ok t/42prof_data............ok t/43profenv..............ok t/50dbm..................ok t/60preparse.............ok t/70callbacks............ok t/72childhandles.........skipped all skipped: developer tests t/80proxy................skipped all skipped: developer tests t/pod....................skipped all skipped: developer tests t/zvpp_01basics..........ok 6/131 skipped: various reasons t/zvpp_02dbidrv..........ok 10/51 skipped: various reasons t/zvpp_03handle..........ok 76/135 skipped: various reasons t/zvpp_04mods............ok t/zvpp_05thrclone........skipped all skipped: various reasons t/zvpp_06attrs...........ok 7/137 skipped: various reasons t/zvpp_07kids............skipped all skipped: various reasons t/zvpp_08keeperr.........ok t/zvpp_09trace...........ok t/zvpp_10examp...........ok 39/253 skipped: various reasons t/zvpp_11fetch...........Can't load '/usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so' for module Storable: /usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so: undefined symbol: cast_iv at /usr/lib/perl/5.6.1/DynaLoader.pm line 202. at t/11fetch.t line 8 Compilation failed in require at t/11fetch.t line 8. BEGIN failed--compilation aborted at t/11fetch.t line 8. ...caught at t/zvpp_11fetch.t line 3. Can't load '/usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so' for module Storable: /usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so: undefined symbol: cast_iv at /usr/lib/perl/5.6.1/DynaLoader.pm line 202. at t/11fetch.t line 8 Compilation failed in require at t/11fetch.t line 8. BEGIN failed--compilation aborted at t/11fetch.t line 8. ...caught ...propagated at t/zvpp_11fetch.t line 4. t/zvpp_14utf8............skipped all skipped: various reasons t/zvpp_15array...........ok t/zvpp_20meta............ok t/zvpp_30subclass........ok t/zvpp_40profile.........skipped all skipped: various reasons t/zvpp_41prof_dump.......skipped all skipped: various reasons t/zvpp_42prof_data.......skipped all skipped: various reasons t/zvpp_43profenv.........skipped all skipped: various reasons t/zvpp_50dbm.............ok t/zvpp_60preparse........skipped all skipped: various reasons t/zvpp_70callbacks.......skipped all skipped: various reasons t/zvpp_72childhandles....skipped all skipped: various reasons t/zvpp_80proxy...........skipped all skipped: various reasons Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/11fetch.t 255 65280 ?? ?? % ?? 16 tests and 142 subtests skipped. Failed 1/49 test scripts, 95.92% okay. 0/2156 subtests failed, 100.00% okay. make: *** [test_dynamic] Error 11 ..." Regards, Gregg Berkholtz From jclark at morpace.com Wed Feb 1 18:45:46 2006 From: jclark at morpace.com (Joan Clark) Date: Wed Feb 1 18:47:41 2006 Subject: ALL_TRUSTED problems Message-ID: >>> Edge@twu.ca 02/01/06 11:26AM >>> -----Original Message----- >> >I'd also STRONGLY suggest running: >> >spamassassin --lint. >> >> >As previously suggested. You should run that EVERY time you edit a >> config file. >> >> Which I always do. No problems reported. >Ok, how about quoting a bit of the begining of "spamassassin --lint -D" here? Just the >part Matt's been asking about... Okay here you go. The --lint -D output from root login: ----------------------- [7789] dbg: ignore: using a test message to lint rules [7789] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [7789] dbg: config: read file /etc/mail/spamassassin/init.pre [7789] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [7789] dbg: config: using "/usr/share/spamassassin" for default rules dir [7789] dbg: config: read file /usr/share/spamassassin/10_misc.cf [7789] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [7789] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf [7789] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [7789] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [7789] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_phrases.cf [7789] dbg: config: read file /usr/share/spamassassin/20_porn.cf [7789] dbg: config: read file /usr/share/spamassassin/20_ratware.cf [7789] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/23_bayes.cf [7789] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf [7789] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf [7789] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf [7789] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf [7789] dbg: config: read file /usr/share/spamassassin/25_dcc.cf [7789] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf [7789] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf [7789] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf [7789] dbg: config: read file /usr/share/spamassassin/25_razor2.cf [7789] dbg: config: read file /usr/share/spamassassin/25_replace.cf [7789] dbg: config: read file /usr/share/spamassassin/25_spf.cf [7789] dbg: config: read file /usr/share/spamassassin/25_textcat.cf [7789] dbg: config: read file /usr/share/spamassassin/25_uribl.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_de.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_it.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf [7789] dbg: config: read file /usr/share/spamassassin/50_scores.cf [7789] dbg: config: read file /usr/share/spamassassin/60_awl.cf [7789] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf [7789] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [7789] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf [7789] dbg: config: using "/etc/mail/spamassassin" for site rules dir [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum1.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum2.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu0.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_spoof.cf [7789] dbg: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf [7789] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf [7789] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf [7789] dbg: config: read file /etc/mail/spamassassin/local.cf [7789] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf ------------------------- >From within MailWatch which I assume would be the same as what MailScanner is close to seeing as it is idential to what I get as the postfix user: ----------- [4409] dbg: ignore: using a test message to lint rules 0.00028 [4409] dbg: config: using "/etc/mail/spamassassin" for site rules pre files 0.00028 [4409] dbg: config: read file /etc/mail/spamassassin/init.pre 0.00028 [4409] dbg: config: using "/usr/share/spamassassin" for sys rules pre files 0.00026 [4409] dbg: config: using "/usr/share/spamassassin" for default rules dir 0.00027 [4409] dbg: config: read file /usr/share/spamassassin/10_misc.cf 0.00028 [4409] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf 0.00028 [4409] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf 0.00027 [4409] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf 0.00027 [4409] dbg: config: read file /usr/share/spamassassin/20_compensate.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf 0.00029 [4409] dbg: config: read file /usr/share/spamassassin/20_drugs.cf 0.00028 [4409] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf 0.00052 [4409] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf 0.00172 [4409] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf 0.00109 [4409] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf 0.00044 [4409] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf 0.00034 [4409] dbg: config: read file /usr/share/spamassassin/20_phrases.cf 0.00092 [4409] dbg: config: read file /usr/share/spamassassin/20_porn.cf 0.00049 [4409] dbg: config: read file /usr/share/spamassassin/20_ratware.cf 0.00086 [4409] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf 0.00066 [4409] dbg: config: read file /usr/share/spamassassin/23_bayes.cf 0.00037 [4409] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf 0.00031 [4409] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf 0.00056 [4409] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf 0.00099 [4409] dbg: config: read file /usr/share/spamassassin/25_dcc.cf 0.00031 [4409] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf 0.00033 [4409] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/25_razor2.cf 0.00029 [4409] dbg: config: read file /usr/share/spamassassin/25_replace.cf 0.00067 [4409] dbg: config: read file /usr/share/spamassassin/25_spf.cf 0.00041 [4409] dbg: config: read file /usr/share/spamassassin/25_textcat.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/25_uribl.cf 0.00044 [4409] dbg: config: read file /usr/share/spamassassin/30_text_de.cf 0.0019 [4409] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf 0.00188 [4409] dbg: config: read file /usr/share/spamassassin/30_text_it.cf 0.00051 [4409] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf 0.00145 [4409] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf 0.00132 [4409] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf 0.00045 [4409] dbg: config: read file /usr/share/spamassassin/50_scores.cf 0.00168 [4409] dbg: config: read file /usr/share/spamassassin/60_awl.cf 0.00048 [4409] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf 0.00044 [4409] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf 0.00043 [4409] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf 0.00033 [4409] dbg: config: using "/etc/mail/spamassassin" for site rules dir 0.00188 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf 0.00153 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf 0.00088 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum1.cf 0.00035 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum2.cf 0.00049 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu0.cf 0.00189 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf 0.00091 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_spoof.cf 0.00105 [4409] dbg: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf 0.00087 [4409] dbg: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf 0.00053 [4409] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf 0.00631 [4409] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf 0.00144 [4409] dbg: config: read file /etc/mail/spamassassin/local.cf 0.00039 [4409] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf 0.00077 [4409] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file 0.00027 [4409] dbg: config: read file /etc/MailScanner/spam.assassin.prefs.conf --------------------- >> >> >> Please use https://helpdesk.twu.ca for all Technical support requests. >> >Really? A relative of mine has these BMC 1300s that consume approximately as much oil as >petrol.... Would the helpdesk handle that >too:-):-) :-) Oops, looks like I used my internal sig. on that message. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -- MailScanner mailing list MailScanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Greetings, Please take a quick look at if you have not already: /usr/share/spamassassin/50_scores.cf Hopefully you might find something there. Good luck! From alex at nkpanama.com Wed Feb 1 19:11:44 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 1 19:11:54 2006 Subject: OT: sendmail greet_pause feature In-Reply-To: References: Message-ID: <43E107F0.1050104@nkpanama.com> I swear by greet_pause since it came out. I've even installed in on old Red Hat / Fedora sites by using city-fan.org's rpm's at http://www.city-fan.org/ftp/contrib/mail/ for older Red Hats. Jim Holland wrote: > Perhaps other sendmail users know all about this, but I have only looked > at it for the first time. > > I run sendmail 8.13.1 and have decided to implement the greet_pause > feature for the first time (after seeing that it is a default option in > Debian installations). This requires a specified delay after connection, > which can be network specific, before a client system is allowed to send > any SMTP commands. Any client that breaks normal SMTP protocols by trying > to force commands before receiving the go-ahead is immediately > disconnected. This seems to distinguish very successfully between genuine > mailers and spammers/viruses that are not RFC-compliant. > > Using a 5 second delay I have found that the system has blocked over 3200 > connections in the first 24 hours I used it. The client systems were all > typical of spammers, with adsl/ppp/dhcp/dialup/cable/cpe type hostnames or > no PTR record at all. I found only four systems in the blocked group that > looked as if they were genuine. On further investigation I found that > earlier log records for some of those sites indicated behaviour typical of > virus infections in any case. > > To implement the feature: > > Add the following to the sendmail.mc file: > > FEATURE(`greet_pause', `5000')dnl 5 seconds > > Rebuild sendmail and restart MailScanner: > > m4 < sendmail.mc > sendmail.cf > service MailScanner restart > > Then specific entries for client hostname, domain, IP address or subnet > can be put in the access file: > > GreetPause:my.domain 0 > GreetPause:example.com 5000 > GreetPause:10.1.2 2000 > GreetPause:127.0.0.1 0 > > Definitely worth a look I would say, as it blocks large numbers of > spammers before they are allowed to send any data, with very low risk of > blocking genuine systems. It even seems to allow genuine mail from > infected systems to be accepted while blocking viruses from those same > systems before the DATA phase - as many viruses seem to behave rather > impolitely :-) > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From alex at nkpanama.com Wed Feb 1 19:14:39 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 1 19:14:45 2006 Subject: ALL_TRUSTED problems In-Reply-To: <223f97700602010049k72250beat@mail.gmail.com> References: <223f97700602010049k72250beat@mail.gmail.com> Message-ID: <43E1089F.3000003@nkpanama.com> Glenn Steen wrote: > On 01/02/06, Richard Edge wrote: > >> > Ok, how about quoting a bit of the begining of "spamassassin --lint > -D" here? Just the part Matt's been asking about... > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > Sorry for the newbie "bash" / spamassassin question, but is there a way for spamassassin to output to stdout instead of stderr so I can look at it with "more" or "less"? I keep having to &> to a tempfile and then "less" the tempfile. -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From alex at nkpanama.com Wed Feb 1 19:15:13 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 1 19:15:19 2006 Subject: sendmail greet_pause feature In-Reply-To: <023301c62719$f6c921c0$0600a8c0@roger> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> Message-ID: <43E108C1.4060308@nkpanama.com> Try http://www.city-fan.org/ftp/contrib/mail/ and see if there's an RPM that'll fit your box. Roger Jochem wrote: > I'm using the rpm version of sendmail in my centos-3 box (sendmail > 8.12) and I would like to upgrade to sendmail 8.13 to use this > feature, that seems really great. Is there some problem I should be > aware, or the tar.gz version found at sendmail.org would work fine on > my machine? Anyone using 8.13 at centos-3 or some similar OS? > > Regards > > Roger Jochem > > ----- Original Message ----- From: "Anders Andersson, IT" > > To: "MailScanner discussion" > Sent: Wednesday, February 01, 2006 8:01 AM > Subject: RE: sendmail greet_pause feature > > >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> Of Jim Holland >>> Sent: Wednesday, February 01, 2006 9:12 AM >>> To: MailScanner mailing list >>> Subject: OT: sendmail greet_pause feature >>> >>> Perhaps other sendmail users know all about this, but I have >>> only looked at it for the first time. >>> >>> I run sendmail 8.13.1 and have decided to implement the >>> greet_pause feature for the first time (after seeing that it >>> is a default option in Debian installations). This requires >>> a specified delay after connection, which can be network >>> specific, before a client system is allowed to send any SMTP >>> commands. Any client that breaks normal SMTP protocols by >>> trying to force commands before receiving the go-ahead is >>> immediately disconnected. This seems to distinguish very >>> successfully between genuine mailers and spammers/viruses >>> that are not RFC-compliant. >>> >>> Using a 5 second delay I have found that the system has >>> blocked over 3200 connections in the first 24 hours I used >>> it. The client systems were all typical of spammers, with >>> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR >>> record at all. I found only four systems in the blocked >>> group that looked as if they were genuine. On further >>> investigation I found that earlier log records for some of >>> those sites indicated behaviour typical of virus infections >>> in any case. >> >> I second that, thoguh I raised mine to 25 sec just for the fun of it. I >> started low but raised it by 5 sec eeverytime and its been running >> smooth. So far no one complained and the ones we have a great >> mailexchange with been added to acces list >> >> /Anders >> >>> >>> To implement the feature: >>> >>> Add the following to the sendmail.mc file: >>> >>> FEATURE(`greet_pause', `5000')dnl 5 seconds >>> >>> Rebuild sendmail and restart MailScanner: >>> >>> m4 < sendmail.mc > sendmail.cf >>> service MailScanner restart >>> >>> Then specific entries for client hostname, domain, IP address >>> or subnet can be put in the access file: >>> >>> GreetPause:my.domain 0 >>> GreetPause:example.com 5000 >>> GreetPause:10.1.2 2000 >>> GreetPause:127.0.0.1 0 >>> >>> Definitely worth a look I would say, as it blocks large >>> numbers of spammers before they are allowed to send any data, >>> with very low risk of blocking genuine systems. It even >>> seems to allow genuine mail from infected systems to be >>> accepted while blocking viruses from those same systems >>> before the DATA phase - as many viruses seem to behave rather >>> impolitely :-) >>> >>> Regards >>> >>> Jim Holland >>> System Administrator >>> MANGO - Zimbabwe's non-profit e-mail service >> -- >> MailScanner mailing list >> MailScanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From Denis.Beauchemin at USherbrooke.ca Wed Feb 1 19:19:19 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Feb 1 19:19:39 2006 Subject: ALL_TRUSTED problems In-Reply-To: <43E1089F.3000003@nkpanama.com> References: <223f97700602010049k72250beat@mail.gmail.com> <43E1089F.3000003@nkpanama.com> Message-ID: <43E109B7.4020709@USherbrooke.ca> Alex Neuman van der Hans wrote: > > > Glenn Steen wrote: > >> On 01/02/06, Richard Edge wrote: >> >> >>> >> >> Ok, how about quoting a bit of the begining of "spamassassin --lint >> -D" here? Just the part Matt's been asking about... >> >> -- >> -- Glenn >> email: glenn < dot > steen < at > gmail < dot > com >> work: glenn < dot > steen < at > ap1 < dot > se >> > > Sorry for the newbie "bash" / spamassassin question, but is there a > way for spamassassin to output to stdout instead of stderr so I can > look at it with "more" or "less"? I keep having to &> to a tempfile > and then "less" the tempfile. > Alex, Use: command 2>&1 | less to redirect stderr to the same file descriptor as stdout. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 From alex at nkpanama.com Wed Feb 1 19:36:01 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 1 19:36:16 2006 Subject: sendmail greet_pause feature In-Reply-To: <2181C5F19DD0254692452BFF3EAF1D6801527A4E@rsys005a.comm.ad.roke.co.uk> References: <2181C5F19DD0254692452BFF3EAF1D6801527A4E@rsys005a.comm.ad.roke.co.uk> Message-ID: <43E10DA1.9030501@nkpanama.com> Alongside. I've set up greylisting on most domains I administer. Also works wonders. I *do* start greylisting with a low value (30 seconds) and work my way up to what is comfortable (some people *demand* their e-mail be let through immediately). Plant, Dean wrote: > Should this be used as a replacement to greylisting or can it be used > along side? > > Dean > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jim > Holland > Sent: 01 February 2006 08:12 > To: MailScanner mailing list > Subject: OT: sendmail greet_pause feature > > > Perhaps other sendmail users know all about this, but I have only looked > > at it for the first time. > > I run sendmail 8.13.1 and have decided to implement the greet_pause > feature for the first time (after seeing that it is a default option in > Debian installations). This requires a specified delay after > connection, > which can be network specific, before a client system is allowed to send > any SMTP commands. Any client that breaks normal SMTP protocols by > trying > to force commands before receiving the go-ahead is immediately > disconnected. This seems to distinguish very successfully between > genuine > mailers and spammers/viruses that are not RFC-compliant. > > Using a 5 second delay I have found that the system has blocked over > 3200 > connections in the first 24 hours I used it. The client systems were > all > typical of spammers, with adsl/ppp/dhcp/dialup/cable/cpe type hostnames > or > no PTR record at all. I found only four systems in the blocked group > that > looked as if they were genuine. On further investigation I found that > earlier log records for some of those sites indicated behaviour typical > of > virus infections in any case. > > To implement the feature: > > Add the following to the sendmail.mc file: > > FEATURE(`greet_pause', `5000')dnl 5 seconds > > Rebuild sendmail and restart MailScanner: > > m4 < sendmail.mc > sendmail.cf > service MailScanner restart > > Then specific entries for client hostname, domain, IP address or subnet > can be put in the access file: > > GreetPause:my.domain 0 > GreetPause:example.com 5000 > GreetPause:10.1.2 2000 > GreetPause:127.0.0.1 0 > > Definitely worth a look I would say, as it blocks large numbers of > spammers before they are allowed to send any data, with very low risk of > > blocking genuine systems. It even seems to allow genuine mail from > infected systems to be accepted while blocking viruses from those same > systems before the DATA phase - as many viruses seem to behave rather > impolitely :-) > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From Edge at twu.ca Wed Feb 1 20:00:01 2006 From: Edge at twu.ca (Richard Edge) Date: Wed Feb 1 19:59:39 2006 Subject: ALL_TRUSTED problems Message-ID: The trouble with making changes in the 50_scores.cf is that the change will be overwrittent whenever SA is updated. I should be able to place 'overrides' in the spam.assassin.prefs.conf file as the documentation states and have them override the defaults. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Joan Clark Sent: Wednesday, February 01, 2006 10:46 AM To: mailscanner@lists.mailscanner.info Subject: RE: ALL_TRUSTED problems Greetings, Please take a quick look at if you have not already: /usr/share/spamassassin/50_scores.cf Hopefully you might find something there. From glenn.steen at gmail.com Wed Feb 1 20:16:22 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 20:16:26 2006 Subject: Fwd: SQLite and postfix... In-Reply-To: <223f97700602010923w68b73106l@mail.gmail.com> References: <223f97700602010923w68b73106l@mail.gmail.com> Message-ID: <223f97700602011216x753fafccx@mail.gmail.com> ---------- Forwarded message ---------- From: Glenn Steen Date: 01-Feb-2006 18:23 Subject: SQLite and postfix... To: MailScanner@lists.mailscanner.info Just a note, if this hasn't been covered already: Updated to the latest stable (4.50.14) on my prod machine running postfix...It's a Mdv 10.2, so I used that rpm method. Apparantly the SQLite db got created during install, with only user rw perms... and a "non-postfix" user. This made MailScanner loop during startup (all the children died immediately). Running --debug complained about line 172 in SA.pm, which happen to be an operation on the SQLite, so ... eventually led me right:-). Simple fix is to remove the file /var/spool/MailScanner/incoming/SpamAssassin.cache.db and do "service MailScanner restart" ... and a pristine file with the correect perms/owner get created. One could've just changed the owner, of course:-). Other than that, it looks to be _really_ nice... and fast. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 1 20:23:04 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 20:23:08 2006 Subject: Fwd: Returned mail: List unknown In-Reply-To: <200602011723.k11HNYrL000928@bkserver.blacknight.ie> References: <200602011723.k11HNYrL000928@bkserver.blacknight.ie> Message-ID: <223f97700602011223ie28f8fp@mail.gmail.com> Seems the MailMan is picky about case of the user part of the address... The mail below (now forwarded to the list separately too) was sent by clicking on the address in the standard list footer, which has been "beutified" with the usual mixed cas... Which seems to be a no-no. Sigh. IIRC, MailMan is actually correct in making this distinction in the user part of the adress, so... Jules (or Paul or Michelle), could you change this to match the actual list name (mailscanner)? ---------- Forwarded message ---------- From: MAILER-DAEMON@lists.mailscanner.info Date: 01-Feb-2006 18:23 Subject: Returned mail: List unknown To: glenn.steen@gmail.com Your mail for MailScanner@lists.mailscanner.info could not be sent: no list named "MailScanner" is known by lists.mailscanner.info For a list of publicly-advertised mailing lists hosted on this server, visit this URL: http://lists.mailscanner.info/ If this does not resolve your problem, you may write to: postmaster@lists.mailscanner.info or mailman-owner@lists.mailscanner.info lists.mailscanner.info delivers e-mail to registered mailing lists and to the administrative addresses defined and required by IETF Request for Comments (RFC) 2142 [1]. Personal e-mail addresses are not offered by this server. The Internet Engineering Task Force [2] (IETF) oversees the development of open standards for the Internet community, including the protocols and formats employed by Internet mail systems. For your convenience, your original mail is attached. [1] Crocker, D. "Mailbox Names for Common Services, Roles and Functions". http://www.ietf.org/rfc/rfc2142.txt [2] http://www.ietf.org/ ---------- Forwarded message ---------- From: Glenn Steen To: MailScanner@lists.mailscanner.info Date: Wed, 1 Feb 2006 18:23:32 +0100 Subject: SQLite and postfix... Just a note, if this hasn't been covered already: Updated to the latest stable (4.50.14) on my prod machine running postfix...It's a Mdv 10.2, so I used that rpm method. Apparantly the SQLite db got created during install, with only user rw perms... and a "non-postfix" user. This made MailScanner loop during startup (all the children died immediately). Running --debug complained about line 172 in SA.pm, which happen to be an operation on the SQLite, so ... eventually led me right:-). Simple fix is to remove the file /var/spool/MailScanner/incoming/SpamAssassin.cache.db and do "service MailScanner restart" ... and a pristine file with the correect perms/owner get created. One could've just changed the owner, of course:-). Other than that, it looks to be _really_ nice... and fast. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 1 20:34:28 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 20:34:32 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: <223f97700602011234k337d9adaq@mail.gmail.com> On 01/02/06, Richard Edge wrote: > The trouble with making changes in the 50_scores.cf is that the change > will be overwrittent whenever SA is updated. I should be able to place > 'overrides' in the spam.assassin.prefs.conf file as the documentation > states and have them override the defaults. > > Richard Edge > Senior Systems Administrator | Technology Services > Trinity Western University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > Hi Richard, How abot it? Could you please qquote at least the relevant parts of a lint&debug run? Pretty please:-)... Or did you give us that already`(Meaning I should go delve into the archives...:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dnsadmin at 1bigthink.com Wed Feb 1 20:40:19 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Wed Feb 1 20:40:26 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: <6.2.3.4.0.20060201153641.09c37af8@mxt.1bigthink.com> At 03:00 PM 2/1/2006, you wrote: >The trouble with making changes in the 50_scores.cf is that the change >will be overwrittent whenever SA is updated. I should be able to place >'overrides' in the spam.assassin.prefs.conf file as the documentation >states and have them override the defaults. Hello Richard, I looked back at the threads for this post after I saw something very spammy and pornographic (even spelled correctly!) slip by my server last night and it was due to the ALL_TRUSTED rule as well. Is that what happened to you? Where are the guts of what is triggering ALL_TRUSTED? I don't have any trusted_networks defined in my configs that I know of, nor have seen since hunting through configs for this. Thanks, Glenn From glenn.steen at gmail.com Wed Feb 1 20:57:41 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 20:57:45 2006 Subject: ALL_TRUSTED problems In-Reply-To: <6.2.3.4.0.20060201153641.09c37af8@mxt.1bigthink.com> References: <6.2.3.4.0.20060201153641.09c37af8@mxt.1bigthink.com> Message-ID: <223f97700602011257t35f95c96p@mail.gmail.com> On 01/02/06, dnsadmin 1bigthink.com wrote: > At 03:00 PM 2/1/2006, you wrote: > > >The trouble with making changes in the 50_scores.cf is that the change > >will be overwrittent whenever SA is updated. I should be able to place > >'overrides' in the spam.assassin.prefs.conf file as the documentation > >states and have them override the defaults. > > Hello Richard, > > I looked back at the threads for this post after I saw something very > spammy and pornographic (even spelled correctly!) slip by my server > last night and it was due to the ALL_TRUSTED rule as well. Is that > what happened to you? > > Where are the guts of what is triggering ALL_TRUSTED? Hi Glenn, The "guts" are in spamassassin, of course... Matt Kettler has covered this extensively on this list in the past (how it works, what it is and what to do about it getting misdetected)... Pehraps one of those would turn up if you search the list archives (on gmane) for kettler and trusted_path:-). > I don't have any trusted_networks defined in my configs that I know > of, nor have seen since hunting through configs for this. You should set trusted_networks to your mailservers IP addresses (or network). IIRC this is suggested in spam.assassin.prefs.conf / mailscanner.cf .... > Thanks, > Glenn > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Edge at twu.ca Wed Feb 1 20:58:02 2006 From: Edge at twu.ca (Richard Edge) Date: Wed Feb 1 20:57:56 2006 Subject: ALL_TRUSTED problems Message-ID: Yes, this is part of the problem. I am noticing a number of messages that are spam and would be identified as such and quarantined. The ALL_TRUSTED -1.80 score being the one that makes the difference in these cases. My installation on both gateways is acting exactly the same. Both installations were done eaxclty the same way using the MailScaner RPM install.sh installation script in evey case on RHEL 3 Update 6. The directories and configuation file locations is the same as the default RPM installation. The mailscanner.cf file is in the /etc/mail/spamassassin directory as a link to /etc/MailScanner/spam.assassin.prefs.conf. My MailScanner.conf file is in /etc/MailScanner. For Glen: I posted the output of spamasassin --lint in a message sent this morning at 8:26 AM. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dnsadmin 1bigthink.com Sent: Wednesday, February 01, 2006 12:40 PM To: MailScanner discussion Subject: RE: ALL_TRUSTED problems At 03:00 PM 2/1/2006, you wrote: >The trouble with making changes in the 50_scores.cf is that the change >will be overwrittent whenever SA is updated. I should be able to place >'overrides' in the spam.assassin.prefs.conf file as the documentation >states and have them override the defaults. Hello Richard, I looked back at the threads for this post after I saw something very spammy and pornographic (even spelled correctly!) slip by my server last night and it was due to the ALL_TRUSTED rule as well. Is that what happened to you? Where are the guts of what is triggering ALL_TRUSTED? I don't have any trusted_networks defined in my configs that I know of, nor have seen since hunting through configs for this. Thanks, Glenn -- MailScanner mailing list MailScanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From lhaig at haigmail.com Wed Feb 1 20:59:30 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed Feb 1 20:59:33 2006 Subject: Downloading the latest update :-) Message-ID: <43E12132.5060402@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have one question though. Is it easier to download the SA clam package from Julians site to update clam or would it be better to just update clam from the clam site? I don't want to lose the clamavmodule part of the install as I have had problems installing it in the past. I have SA 3.1 and Clamav 87 on suse 9.3 Thanks Lance -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4SEyM4kHBIBZ61gRAjV3AKCXhy4sgKFH9TTlteH98BVAeYEVMQCfRYwU dWfK4YybBM96+YPocrtwQr0= =g9xQ -----END PGP SIGNATURE----- From timgrooms at noacon.com Wed Feb 1 21:06:11 2006 From: timgrooms at noacon.com (Tim Grooms) Date: Wed Feb 1 21:03:51 2006 Subject: Having trouble with mqueue.in Message-ID: <43E122C3.20705@noacon.com> Installed MailScanner-4.50.14-1 and ClamAV/SpamAssassin today from the rpm files MailScanner-4.50.14-1.rpm.tar.gz and install-Clam-SA.tar.gz Everything seemed to work fine in the installs. Ran upgrade_MailScanner_conf and upgrade_languages.conf and those seemed to go ok as well. I am using Fedora Core 4 and sendmail. I cannot get incoming mail to come through and get the following when trying to start MailScanner: --------------------------------------------------------------------------------------------------------- [root@www log]# service MailScanner start Starting MailScanner daemons: incoming sendmail: Warning: Option: AuthOptions requires SASL support (-DSASL) /): No such file or directoryspool/mqueue.in [OK] outgoing sendmail: Warning: Option: AuthOptions requires SASL support (-DSASL) [OK] MailScanner [OK] [root@www log]# ---------------------------------------------------------------------------------------------------------- There are no errors in the maillog file everything appears to start normally. I have checked the folders and permissions in /var/spool and all seems OK there as well as the path in MailScanner.conf to both incoming and outgoing queues. Any suggestions? I'm stumped. Thanks. From glenn.steen at gmail.com Wed Feb 1 21:06:05 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 21:06:10 2006 Subject: ALL_TRUSTED problems In-Reply-To: <223f97700602011257t35f95c96p@mail.gmail.com> References: <6.2.3.4.0.20060201153641.09c37af8@mxt.1bigthink.com> <223f97700602011257t35f95c96p@mail.gmail.com> Message-ID: <223f97700602011306w6bda9bfbi@mail.gmail.com> On 01/02/06, Glenn Steen wrote: > On 01/02/06, dnsadmin 1bigthink.com wrote: > > At 03:00 PM 2/1/2006, you wrote: > > > > >The trouble with making changes in the 50_scores.cf is that the change > > >will be overwrittent whenever SA is updated. I should be able to place > > >'overrides' in the spam.assassin.prefs.conf file as the documentation > > >states and have them override the defaults. > > > > Hello Richard, > > > > I looked back at the threads for this post after I saw something very > > spammy and pornographic (even spelled correctly!) slip by my server > > last night and it was due to the ALL_TRUSTED rule as well. Is that > > what happened to you? > > > > Where are the guts of what is triggering ALL_TRUSTED? > Hi Glenn, > > The "guts" are in spamassassin, of course... Matt Kettler has covered > this extensively on this list in the past (how it works, what it is > and what to do about it getting misdetected)... Pehraps one of those > would turn up if you search the list archives (on gmane) for kettler > and trusted_path:-). > > > I don't have any trusted_networks defined in my configs that I know > > of, nor have seen since hunting through configs for this. > > You should set trusted_networks to your mailservers IP addresses (or network). > IIRC this is suggested in spam.assassin.prefs.conf / mailscanner.cf .... > > > Thanks, > > Glenn > > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > Here's a link to one (with Jules reply... First hit, and I'm too lazy to find the original:-): http://article.gmane.org/gmane.mail.virus.mailscanner/26152/match=kettler+trust+path -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed Feb 1 21:15:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 21:15:22 2006 Subject: Cannot install DBI with MS 4.50.14 In-Reply-To: <20060201182512.GA30959@gbcomputers.com> References: <20060201182512.GA30959@gbcomputers.com> Message-ID: <43E124E4.6070907@ecs.soton.ac.uk> Do perl -MCPAN -e shell install Storable quit Make sure it doesn't start upgrading your entire Perl installation, thump Ctrl-C like crazy if it does! Then try running the install.sh again. Gregg Berkholtz wrote: > It appears I cant install DBI as I'm getting the following error after running > MailScanner's install.sh on a Debian 3.0 system. Any assistance is greatly > appreciated: > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 1 21:23:08 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 21:23:10 2006 Subject: Fwd: SQLite and postfix... In-Reply-To: <223f97700602011216x753fafccx@mail.gmail.com> References: <223f97700602010923w68b73106l@mail.gmail.com> <223f97700602011216x753fafccx@mail.gmail.com> Message-ID: <43E126BC.3020108@ecs.soton.ac.uk> Glenn Steen wrote: > ---------- Forwarded message ---------- > From: Glenn Steen > Date: 01-Feb-2006 18:23 > Subject: SQLite and postfix... > To: MailScanner@lists.mailscanner.info > > > Just a note, if this hasn't been covered already: > > Updated to the latest stable (4.50.14) on my prod machine running > postfix...It's a Mdv 10.2, so I used that rpm method. > > Apparantly the SQLite db got created during install, with only user rw > perms... and a "non-postfix" user. This made MailScanner loop during > startup (all the children died immediately). Running --debug > complained about line 172 in SA.pm, which happen to be an operation on > the SQLite, so ... eventually led me right:-). > > Simple fix is to remove the file > /var/spool/MailScanner/incoming/SpamAssassin.cache.db and do "service > MailScanner restart" ... and a pristine file with the correect > perms/owner get created. One could've just changed the owner, of > course:-). > > Other than that, it looks to be _really_ nice... and fast. The db file shouldn't be created by the installation. Are you sure you didn't run it at all before setting the Run As User? Glad to hear it is faster :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Wed Feb 1 21:27:33 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 21:27:37 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: <223f97700602011327r168daca0n@mail.gmail.com> On 01/02/06, Richard Edge wrote: (snip) > For Glen: > I posted the output of spamasassin --lint in a message sent this morning > at 8:26 AM. Ooops, sorry! Missed it earlier (have had quite a day, trying to squeeze in a MailScaner update into an already overfull schedule (a lot of VPN tomfoolery.... and laptops... and meetings...Sheez, I'm a _server_ type of guy:-). Ok, assuming the output for the postfix user is (as you say) the same as for the root and apache users... This really _is_ strange. If you use od -oc on the mailscanner.cf, do you see any stray .... non-printable characters or somesuch? If you intriduce an error into the file and then lint it, does that show? Just add an unknown (by SA) string... If not, something makes SA abandon the file silently... Which sound pretty unlikely, now doesn't it? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed Feb 1 21:33:48 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 21:33:52 2006 Subject: Downloading the latest update :-) In-Reply-To: <43E12132.5060402@haigmail.com> References: <43E12132.5060402@haigmail.com> Message-ID: <43E1293C.5020503@ecs.soton.ac.uk> Lance Haig wrote: > Is it easier to download the SA clam package from Julians site to update > clam or would it be better to just update clam from the clam site? > > I don't want to lose the clamavmodule part of the install as I have had > problems installing it in the past. > > I have SA 3.1 and Clamav 87 on suse 9.3 > I would do my package. It will upgrade Clam then rebuild Mail::ClamAV and link it against the Clam it just built. More reliable in my view. I don't like building perl modules that call C libraries without knowing I had the latest C library when it was linked together. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 1 21:36:36 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 21:36:39 2006 Subject: Having trouble with mqueue.in In-Reply-To: <43E122C3.20705@noacon.com> References: <43E122C3.20705@noacon.com> Message-ID: <43E129E4.1040304@ecs.soton.ac.uk> Tim Grooms wrote: > Installed MailScanner-4.50.14-1 and ClamAV/SpamAssassin today from the > rpm files > MailScanner-4.50.14-1.rpm.tar.gz and > install-Clam-SA.tar.gz > > Everything seemed to work fine in the installs. Ran > upgrade_MailScanner_conf and > upgrade_languages.conf and those seemed to go ok as well. > > I am using Fedora Core 4 and sendmail. I cannot get incoming mail to > come through and get > the following when trying to start MailScanner: > > --------------------------------------------------------------------------------------------------------- > > > [root@www log]# service MailScanner start > Starting MailScanner daemons: > incoming sendmail: Warning: Option: AuthOptions requires > SASL support (-DSASL) Look for AuthOptions in /etc/mail/sendmail.cf. Try commenting it out completely. > /): No such file or directoryspool/mqueue.in Did it really say that? If so, you've screwed up /var/spool/mqueue.in somewhere. Check it printed exactly this. You should have a /var/spool/mqueue.in directory with the same permissions as /var/spool/mqueue. > > [OK] > outgoing sendmail: Warning: Option: AuthOptions requires > SASL support (-DSASL) > > [OK] > MailScanner > [OK] > [root@www log]# > > ---------------------------------------------------------------------------------------------------------- > > > There are no errors in the maillog file everything appears to start > normally. I have checked the > folders and permissions in /var/spool and all seems OK there as well > as the path in > MailScanner.conf to both incoming and outgoing queues. > > Any suggestions? I'm stumped. > > Thanks. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From campbell at cnpapers.com Wed Feb 1 21:37:44 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Feb 1 21:37:52 2006 Subject: Beta to latest stable suggestions Message-ID: <002301c62777$bc980a30$0705000a@DDF5DW71> I had installed the 4.50-12 Beta last week to get the latest configuration file changes. Is there any reason to upgrade to the latest stable? Should I have changed the "Minimum Supported Status" in the conf file to 'Beta' for the Beta release, and what are the results of not doing so if I should have changed this? Thanks. Steve Campbell campbell@cnpapers.com Charleston Newspapers From dcurtisathome at hotmail.com Wed Feb 1 21:42:22 2006 From: dcurtisathome at hotmail.com (David Curtis) Date: Wed Feb 1 21:42:26 2006 Subject: Problems starting after upgrading to 4.50.14 Message-ID: I am getting an error now since I upgraded: service MailScanner start Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: In Debugging mode, not forking... Can't call method "do" on an undefined value at /usr/lib/MailScanner/MailScanner/SA.pm line 172. This is the same problem Glenn talked about, but my problem is that there is no "/var/spool/MailScanner/incoming/SpamAssassin.cache.db" file. Any idea's would be very helpfull. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/bab70001/attachment.html From lhaig at haigmail.com Wed Feb 1 21:43:41 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed Feb 1 21:43:44 2006 Subject: Downloading the latest update :-) In-Reply-To: <43E1293C.5020503@ecs.soton.ac.uk> References: <43E12132.5060402@haigmail.com> <43E1293C.5020503@ecs.soton.ac.uk> Message-ID: <43E12B8D.20002@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Julian, Thanks I will do that I was worried that it would break SA or something Lance Julian Field wrote: > Lance Haig wrote: >> Is it easier to download the SA clam package from Julians site to update >> clam or would it be better to just update clam from the clam site? >> >> I don't want to lose the clamavmodule part of the install as I have had >> problems installing it in the past. >> >> I have SA 3.1 and Clamav 87 on suse 9.3 >> > I would do my package. It will upgrade Clam then rebuild Mail::ClamAV > and link it against the Clam it just built. > More reliable in my view. > > I don't like building perl modules that call C libraries without knowing > I had the latest C library when it was linked together. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4SuNM4kHBIBZ61gRAhoiAJ4hN8l7Vl1PUJepZ5TLhUYhHtRoMACeLSqI NtQQpzFnN5dPc7mf17WO7UE= =feTX -----END PGP SIGNATURE----- From glenn.steen at gmail.com Wed Feb 1 21:46:21 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 21:46:24 2006 Subject: Fwd: SQLite and postfix... In-Reply-To: <43E126BC.3020108@ecs.soton.ac.uk> References: <223f97700602010923w68b73106l@mail.gmail.com> <223f97700602011216x753fafccx@mail.gmail.com> <43E126BC.3020108@ecs.soton.ac.uk> Message-ID: <223f97700602011346p327e1b06y@mail.gmail.com> On 01/02/06, Julian Field wrote: > Glenn Steen wrote: > > ---------- Forwarded message ---------- > > From: Glenn Steen > > Date: 01-Feb-2006 18:23 > > Subject: SQLite and postfix... > > To: MailScanner@lists.mailscanner.info > > > > > > Just a note, if this hasn't been covered already: > > > > Updated to the latest stable (4.50.14) on my prod machine running > > postfix...It's a Mdv 10.2, so I used that rpm method. > > > > Apparantly the SQLite db got created during install, with only user rw > > perms... and a "non-postfix" user. This made MailScanner loop during > > startup (all the children died immediately). Running --debug > > complained about line 172 in SA.pm, which happen to be an operation on > > the SQLite, so ... eventually led me right:-). > > > > Simple fix is to remove the file > > /var/spool/MailScanner/incoming/SpamAssassin.cache.db and do "service > > MailScanner restart" ... and a pristine file with the correect > > perms/owner get created. One could've just changed the owner, of > > course:-). > > > > Other than that, it looks to be _really_ nice... and fast. > The db file shouldn't be created by the installation. Are you sure you > didn't run it at all before setting the Run As User? Yeah, pretty sure. It was an upgrade, not an install... So MailScanner was already set for the postfix user, and yes... I did do the suggested upgrade of conf file (and triple checked with diff and reading the file from top to bottom and --linting) before restarting the MailScanner service and putting in the first message (via telnet)... Immediately noted a few processes, and the message just sat there... So I don't think it was anything like that. I'll probably get to redo the upgrade tomorrow (on the other server), and will be sure to take better notes then. Come to think of it, I might have done a "MailScanner --lint" before upgrading the MailScanner.conf file... It complained about the spurious spam.assassin.prefs.conf line, IIRC... But it should still have switched into "postfix" user, right? Or did that prevent it from using it, then perform the spam cache query ... which then created the bum file? I'll try retrace my steps tomorrow and see what gives. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From lhaig at haigmail.com Wed Feb 1 21:50:38 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed Feb 1 21:50:42 2006 Subject: Downloading the latest update :-) In-Reply-To: <43E1293C.5020503@ecs.soton.ac.uk> References: <43E12132.5060402@haigmail.com> <43E1293C.5020503@ecs.soton.ac.uk> Message-ID: <43E12D2E.2070106@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have an error in my Mailscanner --lint command mailhost:~ # MailScanner --lint Possible syntax error on line 19 of /etc/MailScanner/filename.rules.conf at /usr/lib/MailScanner/MailScanner/Config.pm line 1274 Remember to separate fields with tab characters! at /usr/lib/MailScanner/MailScanner/Config.pm line 1276 Read 710 hostnames from the phishing whitelist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Checking SpamAssassin errors (if you use it), this may take some time... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamavmodule bitdefender" Found these virus scanners installed: bitdefender, clamavmodule I have checked the file and all fields are seperated by tabs so I am a bit confused. Can anyone shed some light? Lance Julian Field wrote: > Lance Haig wrote: >> Is it easier to download the SA clam package from Julians site to update >> clam or would it be better to just update clam from the clam site? >> >> I don't want to lose the clamavmodule part of the install as I have had >> problems installing it in the past. >> >> I have SA 3.1 and Clamav 87 on suse 9.3 >> > I would do my package. It will upgrade Clam then rebuild Mail::ClamAV > and link it against the Clam it just built. > More reliable in my view. > > I don't like building perl modules that call C libraries without knowing > I had the latest C library when it was linked together. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4S0uM4kHBIBZ61gRAo16AJ9+FSeWE4cT3skyFhuSjeWalpyhZwCgnVzG nTXWcF/6F/Zl/TNoOzu0iSQ= =35oY -----END PGP SIGNATURE----- From dnsadmin at 1bigthink.com Wed Feb 1 21:51:48 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Wed Feb 1 21:52:05 2006 Subject: ALL_TRUSTED problems In-Reply-To: <223f97700602011306w6bda9bfbi@mail.gmail.com> References: <6.2.3.4.0.20060201153641.09c37af8@mxt.1bigthink.com> <223f97700602011257t35f95c96p@mail.gmail.com> <223f97700602011306w6bda9bfbi@mail.gmail.com> Message-ID: <6.2.3.4.0.20060201163854.061d99b0@mxt.1bigthink.com> At 04:06 PM 2/1/2006, you wrote: >On 01/02/06, Glenn Steen wrote: > > On 01/02/06, dnsadmin 1bigthink.com wrote: > > > At 03:00 PM 2/1/2006, you wrote: > > > > > > >The trouble with making changes in the 50_scores.cf is that the change > > > >will be overwrittent whenever SA is updated. I should be able to place > > > >'overrides' in the spam.assassin.prefs.conf file as the documentation > > > >states and have them override the defaults. > > > > > > Hello Richard, > > > > > > I looked back at the threads for this post after I saw something very > > > spammy and pornographic (even spelled correctly!) slip by my server > > > last night and it was due to the ALL_TRUSTED rule as well. Is that > > > what happened to you? > > > > > > Where are the guts of what is triggering ALL_TRUSTED? > > Hi Glenn, > > > > The "guts" are in spamassassin, of course... Matt Kettler has covered > > this extensively on this list in the past (how it works, what it is > > and what to do about it getting misdetected)... Pehraps one of those > > would turn up if you search the list archives (on gmane) for kettler > > and trusted_path:-). > > > > > I don't have any trusted_networks defined in my configs that I know > > > of, nor have seen since hunting through configs for this. > > > > You should set trusted_networks to your mailservers IP addresses > (or network). > > IIRC this is suggested in spam.assassin.prefs.conf / mailscanner.cf .... > > > > > Thanks, > > > Glenn > > > > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > >Here's a link to one (with Jules reply... First hit, and I'm too lazy >to find the original:-): >http://article.gmane.org/gmane.mail.virus.mailscanner/26152/match=kettler+trust+path > >-- Thanks Glenn, I read the whole thread dated 03/08- 03/10/2005. I still don't see the resolution. I am not NAt'd. I am not gatewayed. I am cleared by my ISP to answer direct DNS PTR. I love Sprint, by the way! Nor do I see why this was all of a sudden a factor on my server, when I can't say that it has been in the past. Could I have missed it? It is possible, since I have Dynamic DNS customers on a Verizon network, and the IP neighborhood was close on this nasty spam, that SA was making an educated guess? I've been sitting on MailScanner version 4.41.3 for quite some time and was preparing to upgrade this weekend. Thanks, Glenn Parsons From timgrooms at noacon.com Wed Feb 1 21:54:41 2006 From: timgrooms at noacon.com (Tim Grooms) Date: Wed Feb 1 21:52:20 2006 Subject: Having trouble with mqueue.in In-Reply-To: <43E129E4.1040304@ecs.soton.ac.uk> References: <43E122C3.20705@noacon.com> <43E129E4.1040304@ecs.soton.ac.uk> Message-ID: <43E12E21.7080002@noacon.com> Julian Field wrote: > > > Tim Grooms wrote: >> Installed MailScanner-4.50.14-1 and ClamAV/SpamAssassin today from >> the rpm files >> MailScanner-4.50.14-1.rpm.tar.gz and >> install-Clam-SA.tar.gz >> >> Everything seemed to work fine in the installs. Ran >> upgrade_MailScanner_conf and >> upgrade_languages.conf and those seemed to go ok as well. >> >> I am using Fedora Core 4 and sendmail. I cannot get incoming mail to >> come through and get >> the following when trying to start MailScanner: >> >> --------------------------------------------------------------------------------------------------------- >> >> >> [root@www log]# service MailScanner start >> Starting MailScanner daemons: >> incoming sendmail: Warning: Option: AuthOptions requires >> SASL support (-DSASL) > Look for AuthOptions in /etc/mail/sendmail.cf. Try commenting it out > completely. Ok, I'll do that next. >> /): No such file or directoryspool/mqueue.in > Did it really say that? If so, you've screwed up /var/spool/mqueue.in > somewhere. Check it printed exactly this. You should have a > /var/spool/mqueue.in directory with the same permissions as > /var/spool/mqueue. Yep, that's exactly what it said and I do have both directorys with the same permissions. When I tell it to stop MailScanner I get the following line: : No such file or directoryne 315: cd: /var/spool/MailScanner/incoming but there is a /var/spool/MailScanner/incoming folder also. I can stop MailScanner and start sendmail and I can receive mail again. But once I stop sendmail and start MailScanner my mail stops coming in again. >> >> [OK] >> outgoing sendmail: Warning: Option: AuthOptions requires >> SASL support (-DSASL) >> >> [OK] >> >> MailScanner >> [OK] >> [root@www log]# >> >> ---------------------------------------------------------------------------------------------------------- >> >> >> There are no errors in the maillog file everything appears to start >> normally. I have checked the >> folders and permissions in /var/spool and all seems OK there as well >> as the path in >> MailScanner.conf to both incoming and outgoing queues. >> >> Any suggestions? I'm stumped. >> >> Thanks. >> > Thanks for the help. Tim From gregg at gbcomputers.com Wed Feb 1 22:04:12 2006 From: gregg at gbcomputers.com (Gregg Berkholtz) Date: Wed Feb 1 22:04:16 2006 Subject: Cannot install DBI with MS 4.50.14 In-Reply-To: <43E124E4.6070907@ecs.soton.ac.uk> References: <20060201182512.GA30959@gbcomputers.com> <43E124E4.6070907@ecs.soton.ac.uk> Message-ID: <20060201220412.GA10311@gbcomputers.com> Thanks for the response, but it still appears to fail. The Storable install went well, with the final messages being: /usr/bin/make -- OK /usr/bin/make test -- OK /usr/bin/make install -- OK install.sh does report "Good, you appear to only have 1 copy of Perl installed: /usr/bin/perl", and it appears the install.sh is looking for storable in /usr/local/... An ls of the Storables folder: Apr 25 2002 Storable.bs Apr 25 2002 Storable.so Apr 25 2002 _freeze.al Apr 25 2002 _retrieve.al Apr 25 2002 _store.al Apr 25 2002 _store_fd.al Apr 25 2002 autosplit.ix Apr 25 2002 fd_retrieve.al Apr 25 2002 freeze.al Apr 25 2002 lock_nstore.al Apr 25 2002 lock_retrieve.al Apr 25 2002 lock_store.al Apr 25 2002 nfreeze.al Apr 25 2002 nstore.al Apr 25 2002 nstore_fd.al Apr 25 2002 retrieve.al Apr 25 2002 store.al Apr 25 2002 store_fd.al Apr 25 2002 thaw.al Shouldn't those files be more current? Running ./install.sh afterwards reports these errors: "... Attempting to build and install DBI-1.50 Unpacking perl-tar/DBI-1.50.tar.gz Do not worry too much about errors from the next command. It is quite likely that some of the Perl modules are already installed on your system. The important ones are HTML-Parser and MIME-tools. ************************************************************************** Perl versions below 5.6.1 are no longer supported by the DBI. Perl versions 5.6.x may fail during installation with a complaint about the use of =head3 in the pod documentation. Press return to continue... ************************************************************************** *** Note: The optional PlRPC-modules (RPC::PlServer etc) are not installed. If you want to use the DBD::Proxy driver and DBI::ProxyServer modules, then you'll need to install the RPC::PlServer, RPC::PlClient, Storable and Net::Daemon modules. The CPAN Bundle::DBI may help you. You can install them any time after installing the DBI. You do *not* need these modules for typical DBI usage. Optional modules are available from any CPAN mirror, in particular http://search.cpan.org/ http://www.perl.com/CPAN/modules/by-module http://www.perl.org/CPAN/modules/by-module ftp://ftp.funet.fi/pub/languages/perl/CPAN/modules/by-module Creating DBI::PurePerl test variant: t/zvpp_01basics.t Creating DBI::PurePerl test variant: t/zvpp_02dbidrv.t Creating DBI::PurePerl test variant: t/zvpp_03handle.t Creating DBI::PurePerl test variant: t/zvpp_04mods.t Creating DBI::PurePerl test variant: t/zvpp_05thrclone.t Creating DBI::PurePerl test variant: t/zvpp_06attrs.t Creating DBI::PurePerl test variant: t/zvpp_07kids.t Creating DBI::PurePerl test variant: t/zvpp_08keeperr.t Creating DBI::PurePerl test variant: t/zvpp_09trace.t Creating DBI::PurePerl test variant: t/zvpp_10examp.t Creating DBI::PurePerl test variant: t/zvpp_11fetch.t Creating DBI::PurePerl test variant: t/zvpp_14utf8.t Creating DBI::PurePerl test variant: t/zvpp_15array.t Creating DBI::PurePerl test variant: t/zvpp_20meta.t Creating DBI::PurePerl test variant: t/zvpp_30subclass.t Creating DBI::PurePerl test variant: t/zvpp_40profile.t Creating DBI::PurePerl test variant: t/zvpp_41prof_dump.t Creating DBI::PurePerl test variant: t/zvpp_42prof_data.t Creating DBI::PurePerl test variant: t/zvpp_43profenv.t Creating DBI::PurePerl test variant: t/zvpp_50dbm.t Creating DBI::PurePerl test variant: t/zvpp_60preparse.t Creating DBI::PurePerl test variant: t/zvpp_70callbacks.t Creating DBI::PurePerl test variant: t/zvpp_72childhandles.t Creating DBI::PurePerl test variant: t/zvpp_80proxy.t Checking if your kit is complete... Looks good I see you're using perl 5.006001 on i386-linux, okay. Remember to actually *read* the README file! Use 'make' to build the software (dmake or nmake on Windows). Then 'make test' to execute self tests. Then 'make install' to install the DBI and then delete this working directory before unpacking and building any DBD::* drivers. Writing Makefile for DBI /usr/bin/perl "-MExtUtils::Command" -e mkpath blib/lib/DBI rm -f blib/lib/DBI/Changes.pm cp Changes blib/lib/DBI/Changes.pm /usr/bin/perl "-MExtUtils::Command" -e mkpath blib/lib/DBI rm -f blib/lib/DBI/Roadmap.pm cp Roadmap.pod blib/lib/DBI/Roadmap.pm cp Driver_xst.h blib/arch/auto/DBI/Driver_xst.h cp lib/DBI/ProfileDumper.pm blib/lib/DBI/ProfileDumper.pm cp Roadmap.pod blib/lib/Roadmap.pod cp DBIXS.h blib/arch/auto/DBI/DBIXS.h cp lib/DBI/DBD/Metadata.pm blib/lib/DBI/DBD/Metadata.pm cp lib/DBD/NullP.pm blib/lib/DBD/NullP.pm cp dbipport.h blib/arch/auto/DBI/dbipport.h cp dbd_xsh.h blib/arch/auto/DBI/dbd_xsh.h cp lib/DBI/Const/GetInfoReturn.pm blib/lib/DBI/Const/GetInfoReturn.pm cp lib/DBI/Const/GetInfo/ANSI.pm blib/lib/DBI/Const/GetInfo/ANSI.pm cp lib/DBI/PurePerl.pm blib/lib/DBI/PurePerl.pm cp lib/DBI/Profile.pm blib/lib/DBI/Profile.pm cp lib/DBI/SQL/Nano.pm blib/lib/DBI/SQL/Nano.pm cp lib/DBD/File.pm blib/lib/DBD/File.pm cp DBI.pm blib/lib/DBI.pm cp lib/DBD/DBM.pm blib/lib/DBD/DBM.pm cp lib/DBI/FAQ.pm blib/lib/DBI/FAQ.pm cp lib/DBD/ExampleP.pm blib/lib/DBD/ExampleP.pm cp lib/Bundle/DBI.pm blib/lib/Bundle/DBI.pm cp lib/Win32/DBIODBC.pm blib/lib/Win32/DBIODBC.pm cp lib/DBI/W32ODBC.pm blib/lib/DBI/W32ODBC.pm cp dbivport.h blib/arch/auto/DBI/dbivport.h cp lib/DBI/DBD.pm blib/lib/DBI/DBD.pm cp lib/DBI/ProfileData.pm blib/lib/DBI/ProfileData.pm cp lib/DBD/Proxy.pm blib/lib/DBD/Proxy.pm cp lib/DBI/ProxyServer.pm blib/lib/DBI/ProxyServer.pm cp lib/DBI/Const/GetInfoType.pm blib/lib/DBI/Const/GetInfoType.pm cp dbi_sql.h blib/arch/auto/DBI/dbi_sql.h cp lib/DBI/ProfileDumper/Apache.pm blib/lib/DBI/ProfileDumper/Apache.pm cp Driver.xst blib/arch/auto/DBI/Driver.xst cp lib/DBI/Const/GetInfo/ODBC.pm blib/lib/DBI/Const/GetInfo/ODBC.pm cp lib/DBD/Sponge.pm blib/lib/DBD/Sponge.pm /usr/bin/perl -p -e "s/~DRIVER~/Perl/g" ./Driver.xst > Perl.xsi /usr/bin/perl /usr/share/perl/5.6.1/ExtUtils/xsubpp -typemap /usr/share/perl/5.6.1/ExtUtils/typemap -typemap typemap Perl.xs > Perl.xsc && mv Perl.xsc Perl.c cc -c -DDEBIAN -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -DVERSION=\"1.50\" -DXS_VERSION=\"1.50\" -fPIC "-I/usr/lib/perl/5.6.1/CORE" -W -Wall -Wpointer-arith -Wbad-function-cast -Wno-comment -Wno-sign-compare -Wno-cast-qual -DDBI_NO_THREADS Perl.c Perl.xs: In function `dbd_st_rows': Perl.xs:39: warning: unused parameter `h' Perl.c: In function `XS_DBD__Perl__dr_data_sources': Perl.c:84: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db__login': Perl.c:119: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_selectall_arrayref': Perl.c:153: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_do': Perl.c:273: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_last_insert_id': Perl.c:310: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_commit': Perl.c:339: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_rollback': Perl.c:356: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_disconnect': Perl.c:373: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_STORE': Perl.c:406: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_FETCH': Perl.c:428: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_DESTROY': Perl.c:447: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_take_imp_data': Perl.c:506: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st__prepare': Perl.c:568: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_bind_col': Perl.c:620: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_bind_param': Perl.c:671: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_bind_param_inout': Perl.c:713: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_execute': Perl.c:761: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_execute_for_fetch': Perl.c:795: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_fetchall_arrayref': Perl.c:868: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_finish': Perl.c:901: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_blob_read': Perl.c:931: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_STORE': Perl.c:969: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_DESTROY': Perl.c:1013: warning: unused parameter `cv' Perl.c: In function `boot_DBD__Perl': Perl.c:1064: warning: unused parameter `cv' Perl.c: At top level: dbipport.h:529: warning: `my_sv_2pvbyte' defined but not used /usr/bin/perl /usr/share/perl/5.6.1/ExtUtils/xsubpp -typemap /usr/share/perl/5.6.1/ExtUtils/typemap -typemap typemap DBI.xs > DBI.xsc && mv DBI.xsc DBI.c cc -c -DDEBIAN -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -DVERSION=\"1.50\" -DXS_VERSION=\"1.50\" -fPIC "-I/usr/lib/perl/5.6.1/CORE" -W -Wall -Wpointer-arith -Wbad-function-cast -Wno-comment -Wno-sign-compare -Wno-cast-qual -DDBI_NO_THREADS DBI.c DBI.xs: In function `dbih_clearcom': DBI.xs:1183: warning: unused variable `Perl___notused' DBI.xs: In function `dbih_get_fbav': DBI.xs:1332: warning: unused variable `Perl___notused' DBI.xs: In function `dbih_set_attr_k': DBI.xs:1514: warning: unused variable `Perl___notused' DBI.xs:1416: warning: unused variable `Perl___notused' DBI.xs: In function `dbih_get_attr_k': DBI.xs:1654: warning: unused variable `Perl___notused' DBI.xs: In function `log_where': DBI.xs:2081: warning: unused variable `Perl___notused' DBI.xs: In function `XS_DBI_dispatch': DBI.xs:2971: warning: unused variable `Perl___notused' DBI.c: In function `XS_DBI__install_method': DBI.c:3650: warning: unused parameter `cv' DBI.c: In function `XS_DBI_dbi_time': DBI.c:3833: warning: unused parameter `cv' DBI.c: In function `XS_DBD_____db_preparse': DBI.c:3988: warning: unused parameter `cv' DBI.c: At top level: dbipport.h:529: warning: `my_sv_2pvbyte' defined but not used Running Mkbootstrap for DBI () chmod 644 DBI.bs rm -f blib/arch/auto/DBI/DBI.so cc -shared -L/usr/local/lib DBI.o -o blib/arch/auto/DBI/DBI.so \ \ chmod 755 blib/arch/auto/DBI/DBI.so cp DBI.bs blib/arch/auto/DBI/DBI.bs chmod 644 blib/arch/auto/DBI/DBI.bs /usr/bin/perl "-Iblib/arch" "-Iblib/lib" dbiproxy.PL dbiproxy Extracted dbiproxy from dbiproxy.PL with variable substitutions. cp dbiproxy blib/script/dbiproxy /usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/dbiproxy /usr/bin/perl "-Iblib/arch" "-Iblib/lib" dbiprof.PL dbiprof Extracted dbiprof from dbiprof.PL with variable substitutions. cp dbiprof blib/script/dbiprof /usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/dbiprof Manifying blib/man1/dbiproxy.1p Manifying blib/man1/dbiprof.1p Manifying blib/man3/DBI::ProfileDumper.3pm Manifying blib/man3/Roadmap.3pm Manifying blib/man3/DBI::DBD::Metadata.3pm Manifying blib/man3/DBI::Const::GetInfoReturn.3pm Manifying blib/man3/DBI::Const::GetInfo::ANSI.3pm Manifying blib/man3/DBI::PurePerl.3pm Manifying blib/man3/DBI::Profile.3pm Manifying blib/man3/DBI::SQL::Nano.3pm Manifying blib/man3/DBD::File.3pm Manifying blib/man3/DBD::DBM.3pm Manifying blib/man3/DBI.3pm Manifying blib/man3/DBI::FAQ.3pm Manifying blib/man3/Bundle::DBI.3pm Manifying blib/man3/Win32::DBIODBC.3pm Manifying blib/man3/DBI::W32ODBC.3pm Manifying blib/man3/DBI::DBD.3pm Manifying blib/man3/DBI::ProfileData.3pm Manifying blib/man3/DBD::Proxy.3pm Manifying blib/man3/DBI::ProxyServer.3pm Manifying blib/man3/DBI::Const::GetInfoType.3pm Manifying blib/man3/DBI::ProfileDumper::Apache.3pm Manifying blib/man3/DBD::Sponge.3pm Manifying blib/man3/DBI::Const::GetInfo::ODBC.3pm PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/01basics...............ok 4/131 skipped: developer tests t/02dbidrv...............ok t/03handle...............ok t/04mods.................ok t/05thrclone.............skipped all skipped: developer tests t/06attrs................ok t/07kids.................ok t/08keeperr..............ok t/09trace................ok t/10examp................ok t/11fetch................Can't load '/usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so' for module Storable: /usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so: undefined symbol: cast_iv at /usr/lib/perl/5.6.1/DynaLoader.pm line 202. at t/11fetch.t line 8 Compilation failed in require at t/11fetch.t line 8. BEGIN failed--compilation aborted at t/11fetch.t line 8. t/11fetch................dubious Test returned status 255 (wstat 65280, 0xff00) t/14utf8.................skipped all skipped: developer tests t/15array................ok t/20meta.................ok t/30subclass.............ok t/40profile..............ok t/41prof_dump............ok t/42prof_data............ok t/43profenv..............ok t/50dbm..................ok t/60preparse.............ok t/70callbacks............ok t/72childhandles.........skipped all skipped: developer tests t/80proxy................skipped all skipped: developer tests t/pod....................skipped all skipped: developer tests t/zvpp_01basics..........ok 6/131 skipped: various reasons t/zvpp_02dbidrv..........ok 10/51 skipped: various reasons t/zvpp_03handle..........ok 76/135 skipped: various reasons t/zvpp_04mods............ok t/zvpp_05thrclone........skipped all skipped: various reasons t/zvpp_06attrs...........ok 7/137 skipped: various reasons t/zvpp_07kids............skipped all skipped: various reasons t/zvpp_08keeperr.........ok t/zvpp_09trace...........ok t/zvpp_10examp...........ok 39/253 skipped: various reasons t/zvpp_11fetch...........Can't load '/usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so' for module Storable: /usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so: undefined symbol: cast_iv at /usr/lib/perl/5.6.1/DynaLoader.pm line 202. at t/11fetch.t line 8 Compilation failed in require at t/11fetch.t line 8. BEGIN failed--compilation aborted at t/11fetch.t line 8. ...caught at t/zvpp_11fetch.t line 3. Can't load '/usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so' for module Storable: /usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so: undefined symbol: cast_iv at /usr/lib/perl/5.6.1/DynaLoader.pm line 202. at t/11fetch.t line 8 Compilation failed in require at t/11fetch.t line 8. BEGIN failed--compilation aborted at t/11fetch.t line 8. ...caught ...propagated at t/zvpp_11fetch.t line 4. t/zvpp_14utf8............skipped all skipped: various reasons t/zvpp_15array...........ok t/zvpp_20meta............ok t/zvpp_30subclass........ok t/zvpp_40profile.........skipped all skipped: various reasons t/zvpp_41prof_dump.......skipped all skipped: various reasons t/zvpp_42prof_data.......skipped all skipped: various reasons t/zvpp_43profenv.........skipped all skipped: various reasons t/zvpp_50dbm.............ok t/zvpp_60preparse........skipped all skipped: various reasons t/zvpp_70callbacks.......skipped all skipped: various reasons t/zvpp_72childhandles....skipped all skipped: various reasons t/zvpp_80proxy...........skipped all skipped: various reasons Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/11fetch.t 255 65280 ?? ?? % ?? 16 tests and 142 subtests skipped. Failed 1/49 test scripts, 95.92% okay. 0/2156 subtests failed, 100.00% okay. make: *** [test_dynamic] Error 11 ..." On Wed, Feb 01, 2006 at 09:15:16PM +0000, Julian Field wrote: > Do > > perl -MCPAN -e shell > install Storable > quit > > Make sure it doesn't start upgrading your entire Perl installation, > thump Ctrl-C like crazy if it does! > > Then try running the install.sh again. > > Gregg Berkholtz wrote: > >It appears I cant install DBI as I'm getting the following error after > >running > >MailScanner's install.sh on a Debian 3.0 system. Any assistance is greatly > >appreciated: > > From MailScanner at ecs.soton.ac.uk Wed Feb 1 22:06:01 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 22:06:04 2006 Subject: Beta to latest stable suggestions In-Reply-To: <002301c62777$bc980a30$0705000a@DDF5DW71> References: <002301c62777$bc980a30$0705000a@DDF5DW71> Message-ID: <43E130C9.6000906@ecs.soton.ac.uk> Steve Campbell wrote: > I had installed the 4.50-12 Beta last week to get the latest > configuration file changes. Is there any reason to upgrade to the > latest stable? If you want to use MailWatch, then yes. There are a few other things too. It will be a painless upgrade. > Should I have changed the "Minimum Supported Status" in the conf file > to 'Beta' for the Beta release, and what are the results of not doing > so if I should have changed this? No, leave that set to Beta or Supported. I'm going to remove that option altogether in the next release, it's worthless now. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 1 22:07:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 22:07:36 2006 Subject: Problems starting after upgrading to 4.50.14 In-Reply-To: References: Message-ID: <43E13126.9030206@ecs.soton.ac.uk> David Curtis wrote: > > I am getting an error now since I upgraded: > service MailScanner start > Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: In Debugging mode, not forking... > Can't call method "do" on an undefined value at > /usr/lib/MailScanner/MailScanner/SA.pm line 172. > > This is the same problem Glenn talked about, but my problem is that > there is no "/var/spool/MailScanner/incoming/SpamAssassin.cache.db" > file. Any idea's would be very helpfull. > > Have you change the Incoming Work Dir? It needs to be able to create the SpamAssassin.cache.db file in that directory. I trust SQLite installed okay? Do a MailScanner --version to check. Also do a MailScanner --lint to see if it says anything bad. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Wed Feb 1 22:07:56 2006 From: ka at pacific.net (Ken A) Date: Wed Feb 1 22:08:01 2006 Subject: SA cache not expiring entries? In-Reply-To: <1138228032.8413.28.camel@localhost.localdomain> References: <43D7F274.8060300@pacific.net> <1138228032.8413.28.camel@localhost.localdomain> Message-ID: <43E1313C.10506@pacific.net> Steve Freegard wrote: > Hi Ken, > > On Wed, 2006-01-25 at 13:49 -0800, Ken A wrote: > > > Next time, before nuking the database - run analyse_SpamAssassin_cache > and post the output as it will show up any irregularities straight away. MailScanner stopped Expiring entries from the SA cache. This time with 4.50.14. Here's what it looked like. I noticed the incoming queue growing on one MailScanner box. Checked the log for oddities and found this: MailScanner's last successful "Expired records from the SpamAssassin cache" happened about an hour ago (12:30 localtime) Then there's a load of these: "Feb 1 13:31:18 MailScanner[14286]: database or disk is full(1) at dbdimp.c line 398 Feb 1 13:31:18 last message repeated 59 times" The disk is tmpfs, and it's not full. The box is not out of RAM or SWAP. So I checked the size of the SA Cache file: # ls -lh -rw------- 1 root root 5.3M Feb 1 12:31 SpamAssassin.cache.db -rw------- 1 root root 6.6K Feb 1 13:40 SpamAssassin.cache.db-journal 5.3Mb - not that big! So, per your previous email on this, run analyze.... # /usr/sbin/analyze_SpamAssassin_cache DBD::SQLite::db selectrow_hashref failed: database is locked(5) at dbdimp.c line 416 at /usr/sbin/analyze_SpamAssassin_cache line 20. --------- TOTALS --------- Total records: 3251 First seen (oldest): 587347 sec First seen (newest): 3769 sec Last seen (oldest): 587347 sec Last seen (newest): 3745 sec Cache Hit Rate 0% -------- NON-SPAM -------- Total records: 712 First seen (oldest): 5963 sec First seen (newest): 3819 sec Last seen (oldest): 5960 sec Last seen (newest): 3819 sec -------- LOW-SPAM -------- Total records: 60 First seen (oldest): 4481 sec First seen (newest): 3852 sec Last seen (oldest): 4481 sec Last seen (newest): 3852 sec ------- HIGH-SPAM -------- Total records: 2252 First seen (oldest): 294837 sec First seen (newest): 3853 sec Last seen (oldest): 14990 sec Last seen (newest): 3853 sec -------- VIRUSES -------- DBD::SQLite::db selectrow_hashref failed: database is locked(5) at dbdimp.c line 416 at /usr/sbin/analyze_SpamAssassin_cache line 51. Total records: 0 First seen (oldest): 0 sec First seen (newest): 0 sec Last seen (oldest): 0 sec Last seen (newest): 0 sec ----- TOP 5 HASHES ------- DBD::SQLite::st execute failed: database is locked(5) at dbdimp.c line 416 at /usr/sbin/analyze_SpamAssassin_cache line 59. MD5 COUNT FIRST LAST # After running analyze_SpamAssassin_cache I restarted MailScanner and it's again Expiring entries from the Cache and caught up with the incoming queue. During the ~1 hour that MailScanner was having trouble accessing the SA Cache, it did record "SpamAssassin cache hit" for some messages, just not as many as usual (about 50 in an hour instead of several thousand). Google turns up an active bug in DBD::SQLite that may be related. http://rt.cpan.org/Public/Bug/Display.html?id=11680 This has only happened on one of 3 machines, running FC4. Thanks, Ken Anderson Pacific.Net > Cheers, > Steve. > From dcurtisathome at hotmail.com Wed Feb 1 22:15:00 2006 From: dcurtisathome at hotmail.com (David Curtis) Date: Wed Feb 1 22:15:06 2006 Subject: Problems starting after upgrading to 4.50.14 Message-ID: I am getting an error now since I upgraded: service MailScanner start Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: In Debugging mode, not forking... Can't call method "do" on an undefined value at /usr/lib/MailScanner/MailScanner/SA.pm line 172. This is the same problem Glenn talked about, but my problem is that there is no "/var/spool/MailScanner/incoming/SpamAssassin.cache.db" file. Any idea's would be very helpful. If this is a double post...I am sorry, I got an e-mail back saying it was pending review. From mkettler at evi-inc.com Wed Feb 1 22:27:35 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Feb 1 22:27:48 2006 Subject: ALL_TRUSTED problems In-Reply-To: <6.2.3.4.0.20060201163854.061d99b0@mxt.1bigthink.com> References: <6.2.3.4.0.20060201153641.09c37af8@mxt.1bigthink.com> <223f97700602011257t35f95c96p@mail.gmail.com> <223f97700602011306w6bda9bfbi@mail.gmail.com> <6.2.3.4.0.20060201163854.061d99b0@mxt.1bigthink.com> Message-ID: <43E135D7.9060309@evi-inc.com> dnsadmin 1bigthink.com wrote: > > I read the whole thread dated 03/08- 03/10/2005. I still don't see the > resolution. I am not NAt'd. I am not gatewayed. I am cleared by my ISP > to answer direct DNS PTR. I love Sprint, by the way! Nor do I see why > this was all of a sudden a factor on my server, when I can't say that it > has been in the past. Could I have missed it? > > It is possible, since I have Dynamic DNS customers on a Verizon network, > and the IP neighborhood was close on this nasty spam, that SA was making > an educated guess? No. SA doesn't use that kind of smarts. SA more-or-less does the following things when guessing trust path, Starting with the most recent Received: header. ---- If the relay in the "by" clause resolves to a RFC 1918 reserved IP address, trust the node and check the next. If it's not private, trust the host and all others are untrusted. ---- Thus, SA should, by default, trust all servers with private IPs, and the first one with a non-trusted IP. Unless of course there is a trusted_networks declared, in which case SA trusts that. Did you ever get your parsing problem resolved?? This thread is so huge I can't even keep track of it. If not, you need to find out why that isn't working first. The fact that "score ALL_TRUSTED 0" doesn't work implies that your config files are NOT being parsed by spamassassin. That is a a truly major problem with your system if it's still oging on. That's horribly bad. Stop worrying about how ALL_TRUSTED works, and worry about why you can't get SA to honor your configuration. From lhaig at haigmail.com Wed Feb 1 22:37:33 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed Feb 1 22:37:37 2006 Subject: MS Slow after update to 4.50.14 on suse Message-ID: <43E1382D.8010603@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a problem after upgrading. My MS is very slow processing mail. I have sent test text messages to the system and they take between 28 to 31 seconds to process here is a snippet of the log Can anyone lead me in the right direction to see why this is so low? Thanks Lance Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Found 2 messages waiting Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Scanning 1 messages, 2009 bytes Feb 1 22:56:27 mailhost MailScanner[2384]: Spam Checks: Starting Feb 1 22:56:54 mailhost MailScanner[2384]: Virus and Content Scanning: Starting Feb 1 22:56:55 mailhost MailScanner[2384]: Uninfected: Delivered 1 messages Feb 1 22:56:55 mailhost MailScanner[2384]: Batch processed in 27.65 seconds Feb 1 22:56:55 mailhost MailScanner[2384]: Logging message k11MuMV5003084 to SQL Feb 1 22:56:55 mailhost MailScanner[2384]: "Always Looked Up Last" took 0.00 seconds Feb 1 22:56:55 mailhost sendmail[3114]: k11MuMV5003084: to=, delay=00:00:28, xdelay=00:00:00, mailer=esmtp, pri=121508, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, stat=Sent (OK) Feb 1 22:56:55 mailhost MailScanner[26335]: k11MuMV5003084: Logged to MailWatch SQL Feb 1 22:56:56 mailhost MailScanner[2292]: Virus and Content Scanning: Starting Feb 1 22:56:58 mailhost MailScanner[2292]: Uninfected: Delivered 1 messages Feb 1 22:56:58 mailhost MailScanner[2292]: Batch processed in 34.43 seconds Feb 1 22:56:58 mailhost MailScanner[2292]: Logging message k11MuM6S003085 to SQL Feb 1 22:56:58 mailhost MailScanner[2292]: "Always Looked Up Last" took 0.00 seconds Feb 1 22:56:58 mailhost MailScanner[26335]: k11MuM6S003085: Logged to MailWatch SQL Feb 1 22:56:59 mailhost sendmail[3122]: k11MuM6S003085: to=, delay=00:00:37, xdelay=00:00:01, mailer=esmtp, pri=121504, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, stat=Sent (OK) Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: from=, size=4772, class=-30, nrcpts=1, msgid=<43E12E21.7080002@noacon.com>, proto=ESMTP, daemon=MTA, relay=bkserver.blacknight.ie [83.98.166.45] Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: to=, delay=00:00:00, mailer=esmtp, pri=88772, stat=queued Feb 1 22:57:19 mailhost MailScanner[993]: New Batch: Scanning 1 messages, 5347 bytes Feb 1 22:57:19 mailhost MailScanner[993]: Spam Checks: Starting Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string spam in language translation file /etc/MailScanner/reports/en/languages.conf Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string notspam in language translation file /etc/MailScanner/reports/en/languages.conf Feb 1 22:57:19 mailhost MailScanner[993]: Whitelist refresh time reached Feb 1 22:57:19 mailhost MailScanner[993]: Starting up SQL Whitelist Feb 1 22:57:19 mailhost MailScanner[993]: Read 8 whitelist entries Feb 1 22:57:19 mailhost MailScanner[993]: Message k11MvIXH003138 from 83.98.166.45 (mailscanner-bounces@lists.mailscanner.info) is whitelisted Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string mailscanner in language translation file /etc/MailScanner/reports/en/languages.conf Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string unreadablearchive in language translation file /etc/MailScanner/reports/en/languages.conf Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string passwordedarchive in language translation file /etc/MailScanner/reports/en/languages.conf Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string archivetoodeep in language translation file /etc/MailScanner/reports/en/languages.conf Feb 1 22:57:19 mailhost MailScanner[993]: Virus and Content Scanning: Starting Feb 1 22:57:20 mailhost MailScanner[993]: Looked up unknown string mailscanner in language translation file /etc/MailScanner/reports/en/languages.conf Feb 1 22:57:20 mailhost MailScanner[993]: Uninfected: Delivered 1 messages Feb 1 22:57:20 mailhost MailScanner[993]: Batch processed in 1.31 seconds Feb 1 22:57:20 mailhost MailScanner[993]: Logging message k11MvIXH003138 to SQL Feb 1 22:57:20 mailhost MailScanner[993]: "Always Looked Up Last" took 0.00 seconds Feb 1 22:57:20 mailhost MailScanner[26335]: k11MvIXH003138: Logged to MailWatch SQL Feb 1 22:57:20 mailhost sendmail[3147]: k11MvIXH003138: to=, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, pri=178772, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, stat=Sent (OK) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4TgtM4kHBIBZ61gRAl5TAJsFAHGz9URCWajs26he9H1Hoh/wwACdEBCb 5Z4j4ZIglPaltS4Pw2DeC90= =I1/F -----END PGP SIGNATURE----- From Edge at twu.ca Wed Feb 1 22:52:59 2006 From: Edge at twu.ca (Richard Edge) Date: Wed Feb 1 22:53:20 2006 Subject: ALL_TRUSTED problems Message-ID: If I change the line: Score ALL_TRUSTED 0 To: core ALL_TRUSTED Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint" gives me a: [22778] warn: config: failed to parse line, skipping: core ALL_TRUSTED 0 [22778] warn: lint: 1 issues detected, please rerun with debug enabled for more information Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Wednesday, February 01, 2006 1:28 PM To: MailScanner discussion Subject: Re: ALL_TRUSTED problems On 01/02/06, Richard Edge wrote: (snip) > For Glen: > I posted the output of spamasassin --lint in a message sent this > morning at 8:26 AM. Ooops, sorry! Missed it earlier (have had quite a day, trying to squeeze in a MailScaner update into an already overfull schedule (a lot of VPN tomfoolery.... and laptops... and meetings...Sheez, I'm a _server_ type of guy:-). Ok, assuming the output for the postfix user is (as you say) the same as for the root and apache users... This really _is_ strange. If you use od -oc on the mailscanner.cf, do you see any stray .... non-printable characters or somesuch? If you intriduce an error into the file and then lint it, does that show? Just add an unknown (by SA) string... If not, something makes SA abandon the file silently... Which sound pretty unlikely, now doesn't it? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Feb 1 22:55:48 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 22:55:50 2006 Subject: ALL_TRUSTED problems In-Reply-To: <6.2.3.4.0.20060201163854.061d99b0@mxt.1bigthink.com> References: <6.2.3.4.0.20060201153641.09c37af8@mxt.1bigthink.com> <223f97700602011257t35f95c96p@mail.gmail.com> <223f97700602011306w6bda9bfbi@mail.gmail.com> <6.2.3.4.0.20060201163854.061d99b0@mxt.1bigthink.com> Message-ID: <223f97700602011455r1ef28cabw@mail.gmail.com> On 01/02/06, dnsadmin 1bigthink.com wrote: > At 04:06 PM 2/1/2006, you wrote: > > >On 01/02/06, Glenn Steen wrote: > > > On 01/02/06, dnsadmin 1bigthink.com wrote: > > > > At 03:00 PM 2/1/2006, you wrote: > > > > > > > > >The trouble with making changes in the 50_scores.cf is that the change > > > > >will be overwrittent whenever SA is updated. I should be able to place > > > > >'overrides' in the spam.assassin.prefs.conf file as the documentation > > > > >states and have them override the defaults. > > > > > > > > Hello Richard, > > > > > > > > I looked back at the threads for this post after I saw something very > > > > spammy and pornographic (even spelled correctly!) slip by my server > > > > last night and it was due to the ALL_TRUSTED rule as well. Is that > > > > what happened to you? > > > > > > > > Where are the guts of what is triggering ALL_TRUSTED? > > > Hi Glenn, > > > > > > The "guts" are in spamassassin, of course... Matt Kettler has covered > > > this extensively on this list in the past (how it works, what it is > > > and what to do about it getting misdetected)... Pehraps one of those > > > would turn up if you search the list archives (on gmane) for kettler > > > and trusted_path:-). > > > > > > > I don't have any trusted_networks defined in my configs that I know > > > > of, nor have seen since hunting through configs for this. > > > > > > You should set trusted_networks to your mailservers IP addresses > > (or network). > > > IIRC this is suggested in spam.assassin.prefs.conf / mailscanner.cf .... > > > > > > > Thanks, > > > > Glenn > > > > > > > -- > > > -- Glenn > > > email: glenn < dot > steen < at > gmail < dot > com > > > work: glenn < dot > steen < at > ap1 < dot > se > > > > >Here's a link to one (with Jules reply... First hit, and I'm too lazy > >to find the original:-): > >http://article.gmane.org/gmane.mail.virus.mailscanner/26152/match=kettler+trust+path > > > >-- > > Thanks Glenn, > > I read the whole thread dated 03/08- 03/10/2005. I still don't see > the resolution. I am not NAt'd. I am not gatewayed. I am cleared by > my ISP to answer direct DNS PTR. I love Sprint, by the way! Nor do I > see why this was all of a sudden a factor on my server, when I can't > say that it has been in the past. Could I have missed it? Perhaps. Happens o the best (IOW, I've done so myself:-) > It is possible, since I have Dynamic DNS customers on a Verizon > network, and the IP neighborhood was close on this nasty spam, that > SA was making an educated guess? As far as I can understand, the whole trust thing in SA is just that:-). Matt's the expert though, and will perhaps shed some further light on this. But whatever way one looks at it, being specific (and correct) by setting a trusted_networks entry, just can't be wrong. > I've been sitting on MailScanner version 4.41.3 for quite some time > and was preparing to upgrade this weekend. Go for it! The new stable version is well worth the work. If one feels like one needs a mental handhold, there's a pretty nice piece on upgrading in the MAQ. Even good for us "read the manual _after_ the fact" types:-). > Thanks, > Glenn Parsons > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Edge at twu.ca Wed Feb 1 23:01:29 2006 From: Edge at twu.ca (Richard Edge) Date: Wed Feb 1 23:03:46 2006 Subject: ALL_TRUSTED problems Message-ID: This is my tinking on this as well since this is much easier to test. As you say if MailScanner is not reading this configuration setting it is also going to ignore the "trusted_networks" setting as well as in my situation here. Oddly if I modify or add an invalid entry, spamasaasin --lint is detecting and issuing an appropriate wanrning about the error. At this point I am pretty much stumped as to what is going wrong here. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge@twu.ca | www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: Wednesday, February 01, 2006 2:28 PM To: MailScanner discussion Subject: Re: ALL_TRUSTED problems If not, you need to find out why that isn't working first. The fact that "score ALL_TRUSTED 0" doesn't work implies that your config files are NOT being parsed by spamassassin. That is a a truly major problem with your system if it's still oging on. That's horribly bad. Stop worrying about how ALL_TRUSTED works, and worry about why you can't get SA to honor your configuration. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Feb 1 23:03:51 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 23:03:54 2006 Subject: ALL_TRUSTED problems In-Reply-To: <43E135D7.9060309@evi-inc.com> References: <6.2.3.4.0.20060201153641.09c37af8@mxt.1bigthink.com> <223f97700602011257t35f95c96p@mail.gmail.com> <223f97700602011306w6bda9bfbi@mail.gmail.com> <6.2.3.4.0.20060201163854.061d99b0@mxt.1bigthink.com> <43E135D7.9060309@evi-inc.com> Message-ID: <223f97700602011503x6a38aa89i@mail.gmail.com> On 01/02/06, Matt Kettler wrote: (snip) > > It is possible, since I have Dynamic DNS customers on a Verizon network, > > and the IP neighborhood was close on this nasty spam, that SA was making > > an educated guess? > > No. SA doesn't use that kind of smarts. > > SA more-or-less does the following things when guessing trust path, Starting > with the most recent Received: header. > ---- > If the relay in the "by" clause resolves to a RFC 1918 reserved IP address, > trust the node and check the next. > > If it's not private, trust the host and all others are untrusted. > ---- > > Thus, SA should, by default, trust all servers with private IPs, and the first > one with a non-trusted IP. > > Unless of course there is a trusted_networks declared, in which case SA trusts that. > And while I was typing (*slowly*), Matt did shed some more light. Thanks Matt, think I got it now. > > Did you ever get your parsing problem resolved?? This thread is so huge I can't > even keep track of it. > > If not, you need to find out why that isn't working first. > > The fact that "score ALL_TRUSTED 0" doesn't work implies that your config files > are NOT being parsed by spamassassin. > > That is a a truly major problem with your system if it's still oging on. That's > horribly bad. Stop worrying about how ALL_TRUSTED works, and worry about why you > can't get SA to honor your configuration. > Matt, there's two persons having slightly similar ALL_TRUSTED problems in this thread, Richard Edge (who has the funky config you refer to) and Glenn Parsons (who you replied to). According to an earlier --lint quote from Richard, mailscanner.cf actually does get read. ... :-/ -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 1 23:11:20 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 23:11:22 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: <223f97700602011511l6049c97ft@mail.gmail.com> On 01/02/06, Richard Edge wrote: > If I change the line: > > Score ALL_TRUSTED 0 > > To: > > core ALL_TRUSTED > > Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint" > gives me a: > > [22778] warn: config: failed to parse line, skipping: core ALL_TRUSTED 0 > [22778] warn: lint: 1 issues detected, please rerun with debug enabled > for more information > Why couldn't it have played along with my idea?! Argh. That pretty well shows that it does get read, and one would assume the rules get applied. Well, sorry... but I'm stumped. For tonight at least. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dcurtisathome at hotmail.com Wed Feb 1 23:14:14 2006 From: dcurtisathome at hotmail.com (David Curtis) Date: Wed Feb 1 23:14:18 2006 Subject: Problems starting after upgrading to 4.50.14 In-Reply-To: <43E13126.9030206@ecs.soton.ac.uk> Message-ID: I did not happen to see any problems with the SQLlite, I am not sure what it is using for a work dir, Where do I find that setting? I have never changed it as far as I am aware, and it had been working up unitll this upgrade. I have not changed the work dir. Here is a copy of the results: This is MailScanner version 4.50.14 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.68 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.810 DB_File 1.11 DBD::SQLite 1.50 DBI 1.10 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.001000 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.53 Net::DNS 0.33 Net::LDAP 1.94 Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.52 Test::Harness 0.6 Test::Simple 1.95 Text::Balanced 1.35 URI MailScanner --lint Cannot open config file --lint, No such file or directory at /usr/lib/MailScanner/MailScanner/Config.pm line 597. Compilation failed in require at /usr/sbin/MailScanner line 67. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 67. Incoming Queue Dir = /var/spool/postfix/hold # Set location of outgoing mail queue. # This can also be the filename of a ruleset. Outgoing Queue Dir = /var/spool/postfix/incoming\ I thank you very much, Dave >From: Julian Field >Reply-To: MailScanner discussion >To: MailScanner discussion >Subject: Re: Problems starting after upgrading to 4.50.14 >Date: Wed, 01 Feb 2006 22:07:34 +0000 > > > >David Curtis wrote: >> I am getting an error now since I upgraded: >>service MailScanner start >>Starting MailScanner daemons: >> incoming postfix: [ OK ] >> outgoing postfix: [ OK ] >> MailScanner: In Debugging mode, not forking... >>Can't call method "do" on an undefined value at >>/usr/lib/MailScanner/MailScanner/SA.pm line 172. >> This is the same problem Glenn talked about, but my problem is that >>there is no "/var/spool/MailScanner/incoming/SpamAssassin.cache.db" file. >>Any idea's would be very helpfull. >> >Have you change the Incoming Work Dir? It needs to be able to create the >SpamAssassin.cache.db file in that directory. >I trust SQLite installed okay? Do a MailScanner --version to check. Also do >a MailScanner --lint to see if it says anything bad. > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! _________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar – get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ From lhaig at haigmail.com Wed Feb 1 23:17:57 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed Feb 1 23:18:00 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: <43E1382D.8010603@haigmail.com> References: <43E1382D.8010603@haigmail.com> Message-ID: <43E141A5.7070300@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have also seen the following unable to write pid to /var/run/sendmail.pid: file in use by another process and Error in line 157, file "/var/run/MailScanner.pid" for pidfile does not exist (or can not be read) I have looked in the /var/run directory and the MailScanner.pid is not there. if I create the file then the error goes away Thanks Lance Lance Haig wrote: > I have a problem after upgrading. > > My MS is very slow processing mail. I have sent test text messages to > the system and they take between 28 to 31 seconds to process > > here is a snippet of the log Can anyone lead me in the right direction > to see why this is so low? > > Thanks > > Lance > > Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Found 2 messages > waiting > Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Scanning 1 > messages, 2009 bytes > Feb 1 22:56:27 mailhost MailScanner[2384]: Spam Checks: Starting > Feb 1 22:56:54 mailhost MailScanner[2384]: Virus and Content Scanning: > Starting > Feb 1 22:56:55 mailhost MailScanner[2384]: Uninfected: Delivered 1 messages > Feb 1 22:56:55 mailhost MailScanner[2384]: Batch processed in 27.65 seconds > Feb 1 22:56:55 mailhost MailScanner[2384]: Logging message > k11MuMV5003084 to SQL > Feb 1 22:56:55 mailhost MailScanner[2384]: "Always Looked Up Last" took > 0.00 seconds > Feb 1 22:56:55 mailhost sendmail[3114]: k11MuMV5003084: > to=, delay=00:00:28, xdelay=00:00:00, > mailer=esmtp, pri=121508, relay=[194.143.190.32] [194.143.190.32], > dsn=2.0.0, stat=Sent (OK) > Feb 1 22:56:55 mailhost MailScanner[26335]: k11MuMV5003084: Logged to > MailWatch SQL > Feb 1 22:56:56 mailhost MailScanner[2292]: Virus and Content Scanning: > Starting > Feb 1 22:56:58 mailhost MailScanner[2292]: Uninfected: Delivered 1 messages > Feb 1 22:56:58 mailhost MailScanner[2292]: Batch processed in 34.43 seconds > Feb 1 22:56:58 mailhost MailScanner[2292]: Logging message > k11MuM6S003085 to SQL > Feb 1 22:56:58 mailhost MailScanner[2292]: "Always Looked Up Last" took > 0.00 seconds > Feb 1 22:56:58 mailhost MailScanner[26335]: k11MuM6S003085: Logged to > MailWatch SQL > Feb 1 22:56:59 mailhost sendmail[3122]: k11MuM6S003085: > to=, delay=00:00:37, xdelay=00:00:01, mailer=esmtp, > pri=121504, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, > stat=Sent (OK) > Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: > from=, size=4772, class=-30, > nrcpts=1, msgid=<43E12E21.7080002@noacon.com>, proto=ESMTP, daemon=MTA, > relay=bkserver.blacknight.ie [83.98.166.45] > Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: > to=, delay=00:00:00, mailer=esmtp, pri=88772, > stat=queued > Feb 1 22:57:19 mailhost MailScanner[993]: New Batch: Scanning 1 > messages, 5347 bytes > Feb 1 22:57:19 mailhost MailScanner[993]: Spam Checks: Starting > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string spam > in language translation file /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > notspam in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Whitelist refresh time reached > Feb 1 22:57:19 mailhost MailScanner[993]: Starting up SQL Whitelist > Feb 1 22:57:19 mailhost MailScanner[993]: Read 8 whitelist entries > Feb 1 22:57:19 mailhost MailScanner[993]: Message k11MvIXH003138 from > 83.98.166.45 (mailscanner-bounces@lists.mailscanner.info) is whitelisted > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > mailscanner in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > unreadablearchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > passwordedarchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > archivetoodeep in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Virus and Content Scanning: > Starting > Feb 1 22:57:20 mailhost MailScanner[993]: Looked up unknown string > mailscanner in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:20 mailhost MailScanner[993]: Uninfected: Delivered 1 messages > Feb 1 22:57:20 mailhost MailScanner[993]: Batch processed in 1.31 seconds > Feb 1 22:57:20 mailhost MailScanner[993]: Logging message > k11MvIXH003138 to SQL > Feb 1 22:57:20 mailhost MailScanner[993]: "Always Looked Up Last" took > 0.00 seconds > Feb 1 22:57:20 mailhost MailScanner[26335]: k11MvIXH003138: Logged to > MailWatch SQL > Feb 1 22:57:20 mailhost sendmail[3147]: k11MvIXH003138: > to=, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, > pri=178772, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, > stat=Sent (OK) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4UGlM4kHBIBZ61gRAnHBAJ9RPsVwgvItNjyR4Zpj5nLad6dRqQCfYsfO eYuf/uCgpo7WTsCyiu8EkzY= =cwUx -----END PGP SIGNATURE----- From lhaig at haigmail.com Wed Feb 1 23:24:37 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed Feb 1 23:24:43 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: <43E141A5.7070300@haigmail.com> References: <43E1382D.8010603@haigmail.com> <43E141A5.7070300@haigmail.com> Message-ID: <43E14335.4030109@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have checked that my sendmail is dsiabled in the runlevels Where else can I look to fix this Lance Lance Haig wrote: > I have also seen the following > > unable to write pid to /var/run/sendmail.pid: file in use by another process > > and > > Error in line 157, file "/var/run/MailScanner.pid" for pidfile does not > exist (or can not be read) > > I have looked in the /var/run directory and the MailScanner.pid is not > there. if I create the file then the error goes away > > Thanks > > Lance > > > Lance Haig wrote: >>> I have a problem after upgrading. >>> >>> My MS is very slow processing mail. I have sent test text messages to >>> the system and they take between 28 to 31 seconds to process >>> >>> here is a snippet of the log Can anyone lead me in the right direction >>> to see why this is so low? >>> >>> Thanks >>> >>> Lance >>> >>> Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Found 2 messages >>> waiting >>> Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Scanning 1 >>> messages, 2009 bytes >>> Feb 1 22:56:27 mailhost MailScanner[2384]: Spam Checks: Starting >>> Feb 1 22:56:54 mailhost MailScanner[2384]: Virus and Content Scanning: >>> Starting >>> Feb 1 22:56:55 mailhost MailScanner[2384]: Uninfected: Delivered 1 messages >>> Feb 1 22:56:55 mailhost MailScanner[2384]: Batch processed in 27.65 seconds >>> Feb 1 22:56:55 mailhost MailScanner[2384]: Logging message >>> k11MuMV5003084 to SQL >>> Feb 1 22:56:55 mailhost MailScanner[2384]: "Always Looked Up Last" took >>> 0.00 seconds >>> Feb 1 22:56:55 mailhost sendmail[3114]: k11MuMV5003084: >>> to=, delay=00:00:28, xdelay=00:00:00, >>> mailer=esmtp, pri=121508, relay=[194.143.190.32] [194.143.190.32], >>> dsn=2.0.0, stat=Sent (OK) >>> Feb 1 22:56:55 mailhost MailScanner[26335]: k11MuMV5003084: Logged to >>> MailWatch SQL >>> Feb 1 22:56:56 mailhost MailScanner[2292]: Virus and Content Scanning: >>> Starting >>> Feb 1 22:56:58 mailhost MailScanner[2292]: Uninfected: Delivered 1 messages >>> Feb 1 22:56:58 mailhost MailScanner[2292]: Batch processed in 34.43 seconds >>> Feb 1 22:56:58 mailhost MailScanner[2292]: Logging message >>> k11MuM6S003085 to SQL >>> Feb 1 22:56:58 mailhost MailScanner[2292]: "Always Looked Up Last" took >>> 0.00 seconds >>> Feb 1 22:56:58 mailhost MailScanner[26335]: k11MuM6S003085: Logged to >>> MailWatch SQL >>> Feb 1 22:56:59 mailhost sendmail[3122]: k11MuM6S003085: >>> to=, delay=00:00:37, xdelay=00:00:01, mailer=esmtp, >>> pri=121504, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, >>> stat=Sent (OK) >>> Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: >>> from=, size=4772, class=-30, >>> nrcpts=1, msgid=<43E12E21.7080002@noacon.com>, proto=ESMTP, daemon=MTA, >>> relay=bkserver.blacknight.ie [83.98.166.45] >>> Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: >>> to=, delay=00:00:00, mailer=esmtp, pri=88772, >>> stat=queued >>> Feb 1 22:57:19 mailhost MailScanner[993]: New Batch: Scanning 1 >>> messages, 5347 bytes >>> Feb 1 22:57:19 mailhost MailScanner[993]: Spam Checks: Starting >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string spam >>> in language translation file /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> notspam in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Whitelist refresh time reached >>> Feb 1 22:57:19 mailhost MailScanner[993]: Starting up SQL Whitelist >>> Feb 1 22:57:19 mailhost MailScanner[993]: Read 8 whitelist entries >>> Feb 1 22:57:19 mailhost MailScanner[993]: Message k11MvIXH003138 from >>> 83.98.166.45 (mailscanner-bounces@lists.mailscanner.info) is whitelisted >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> mailscanner in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> unreadablearchive in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> passwordedarchive in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> archivetoodeep in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Virus and Content Scanning: >>> Starting >>> Feb 1 22:57:20 mailhost MailScanner[993]: Looked up unknown string >>> mailscanner in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:20 mailhost MailScanner[993]: Uninfected: Delivered 1 messages >>> Feb 1 22:57:20 mailhost MailScanner[993]: Batch processed in 1.31 seconds >>> Feb 1 22:57:20 mailhost MailScanner[993]: Logging message >>> k11MvIXH003138 to SQL >>> Feb 1 22:57:20 mailhost MailScanner[993]: "Always Looked Up Last" took >>> 0.00 seconds >>> Feb 1 22:57:20 mailhost MailScanner[26335]: k11MvIXH003138: Logged to >>> MailWatch SQL >>> Feb 1 22:57:20 mailhost sendmail[3147]: k11MvIXH003138: >>> to=, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, >>> pri=178772, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, >>> stat=Sent (OK) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4UM1M4kHBIBZ61gRAh05AJ9DJN75gsW+Vano7ItoC4c1sKsq4ACeKo3r vlAyHYRsN5mkTMwWvQ8lS/o= =5+BW -----END PGP SIGNATURE----- From glenn.steen at gmail.com Wed Feb 1 23:25:49 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 23:25:52 2006 Subject: Problems starting after upgrading to 4.50.14 In-Reply-To: References: <43E13126.9030206@ecs.soton.ac.uk> Message-ID: <223f97700602011525t27264a64o@mail.gmail.com> On 02/02/06, David Curtis wrote: > I did not happen to see any problems with the SQLlite, I am not sure what it > is using for a work dir, Where do I find that setting? I have never changed > it as far as I am aware, and it had been working up unitll this upgrade. > Do ls -la /var/spool/MailScanner/incoming and check that the permissions on the directory (.) will permit the postfix user (or group) to create the file ... Else it'll carp just like that. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dcurtisathome at hotmail.com Wed Feb 1 23:37:42 2006 From: dcurtisathome at hotmail.com (David Curtis) Date: Wed Feb 1 23:37:46 2006 Subject: Problems starting after upgrading to 4.50.14 In-Reply-To: <223f97700602011525t27264a64o@mail.gmail.com> Message-ID: [root@sbschools dns]# ls -la /var/spool/MailScanner/incoming/ total 8 drwxrwxrwx 2 postfix postfix 4096 Feb 1 16:07 . drwxr-xr-x 4 root root 4096 Oct 10 15:12 .. Thanks, Dave >From: Glenn Steen >Reply-To: MailScanner discussion >To: MailScanner discussion >Subject: Re: Problems starting after upgrading to 4.50.14 >Date: Thu, 2 Feb 2006 00:25:49 +0100 > >On 02/02/06, David Curtis wrote: > > I did not happen to see any problems with the SQLlite, I am not sure >what it > > is using for a work dir, Where do I find that setting? I have never >changed > > it as far as I am aware, and it had been working up unitll this upgrade. > > >Do >ls -la /var/spool/MailScanner/incoming >and check that the permissions on the directory (.) will permit the >postfix user (or group) to create the file ... Else it'll carp just >like that. > >-- >-- Glenn >email: glenn < dot > steen < at > gmail < dot > com >work: glenn < dot > steen < at > ap1 < dot > se >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! _________________________________________________________________ Don’t just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ From dmehler26 at woh.rr.com Wed Feb 1 23:32:27 2006 From: dmehler26 at woh.rr.com (Dave) Date: Wed Feb 1 23:41:39 2006 Subject: mailscanner and perdomain white and blacklists Message-ID: <003f01c62787$c3f61370$0200a8c0@satellite> Hello, I've got a mailscanner install with sendmail. It's working fine and it's working for multiple users. Now i'm getting requests from user a to add a username/domain to a blacklist file and user b to add another username/domain to a whitelist file. These i'm thinking should be separate as they are separate domains. This is on an fc4 box. Is this doable, any help appreciated. Thanks. Dave. From glenn.steen at gmail.com Thu Feb 2 00:40:39 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 2 00:40:42 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: <223f97700602011640o2eea2318y@mail.gmail.com> On 01/02/06, Richard Edge wrote: > If I change the line: > > Score ALL_TRUSTED 0 > > To: > > core ALL_TRUSTED > > Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint" > gives me a: > > [22778] warn: config: failed to parse line, skipping: core ALL_TRUSTED 0 > [22778] warn: lint: 1 issues detected, please rerun with debug enabled > for more information > Um, does it carp if you don't specify "-p /etc/mail/mailscanner.cf " too? You shouldn't need use it as a preference file anymore, since it should be part of the site rules... A plain "spamassassin --lint" should suffice. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From taz at taz-mania.com Thu Feb 2 00:52:03 2006 From: taz at taz-mania.com (Dennis Willson) Date: Thu Feb 2 00:52:10 2006 Subject: mailscanner and perdomain white and blacklists In-Reply-To: <003f01c62787$c3f61370$0200a8c0@satellite> References: <003f01c62787$c3f61370$0200a8c0@satellite> Message-ID: <43E157B3.3060109@taz-mania.com> Try using mailwatch.... It does this very nicely and uses a mysql database for the white and black lists. There is even a way for the users to manage their own lists. Dave wrote: > Hello, > I've got a mailscanner install with sendmail. It's working fine and > it's working for multiple users. Now i'm getting requests from user a to > add a username/domain to a blacklist file and user b to add another > username/domain to a whitelist file. These i'm thinking should be > separate as they are separate domains. This is on an fc4 box. Is this > doable, any help appreciated. > Thanks. > Dave. > From mkettler at evi-inc.com Thu Feb 2 00:59:23 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Feb 2 00:59:33 2006 Subject: ALL_TRUSTED problems In-Reply-To: <223f97700602011640o2eea2318y@mail.gmail.com> References: <223f97700602011640o2eea2318y@mail.gmail.com> Message-ID: <43E1596B.40101@evi-inc.com> Glenn Steen wrote: > On 01/02/06, Richard Edge wrote: >> If I change the line: >> >> Score ALL_TRUSTED 0 >> >> To: >> >> core ALL_TRUSTED >> >> Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint" >> gives me a: >> >> [22778] warn: config: failed to parse line, skipping: core ALL_TRUSTED 0 >> [22778] warn: lint: 1 issues detected, please rerun with debug enabled >> for more information >> > > Um, does it carp if you don't specify "-p /etc/mail/mailscanner.cf " > too? You shouldn't need use it as a preference file straws:-)> anymore, since it should be part of the site rules... A > plain "spamassassin --lint" should suffice. > Erm, what on earth is mailscanner.cf doing in /etc/mail/?? it belongs in /etc/mail/spamassassin or /etc/spamassassin, or some other directory containing the word "spamassassin" depending on how your SA is configured. Realistically you should *NEVER*, EVER under any condition use -p to point to any site-level file. It should only point to a user level file. Mailscanner.cf is NOT a user level file. The whole reason mailscanner.cf was created was to ensure it was NOT used as a user prefs file. mailscanner.cf contains options that are ONLY valid at the site-wide level. Do NOT pass this -p. It belongs in the SA site-config directory so SA always parses it, and to make sure that SA correctly parses it. If it's not in the site config directory, SA won't parse it when mailscanner runs. New versions of Mailscanner do NOT pass mailscanner.cf as a user prefs file, thus by adding -p you are changing the behavior of spamassassin to be different than what Mailscanner does with it. I know this is contrary to how old versions of MS worked. In old versions, spam.assassin.prefs.conf was passed as a user_prefs replacement. However, This file kept pushing options in which are only valid at the site level. It also pushed options such as bayes_path which need to be passed to all instances of sa on the system, such as sa-learn. After some prodding, Julian finally created MailScanner.cf, a file to be placed alongside local.cf and other site-wide config files. This way any call to SA automatically parses this file. From ssilva at sgvwater.com Thu Feb 2 00:59:08 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 2 00:59:38 2006 Subject: Having trouble with mqueue.in In-Reply-To: <43E12E21.7080002@noacon.com> References: <43E122C3.20705@noacon.com> <43E129E4.1040304@ecs.soton.ac.uk> <43E12E21.7080002@noacon.com> Message-ID: Tim Grooms spake the following on 2/1/2006 1:54 PM: > Julian Field wrote: >> >> >> Tim Grooms wrote: >>> Installed MailScanner-4.50.14-1 and ClamAV/SpamAssassin today from >>> the rpm files >>> MailScanner-4.50.14-1.rpm.tar.gz and >>> install-Clam-SA.tar.gz >>> >>> Everything seemed to work fine in the installs. Ran >>> upgrade_MailScanner_conf and >>> upgrade_languages.conf and those seemed to go ok as well. >>> >>> I am using Fedora Core 4 and sendmail. I cannot get incoming mail to >>> come through and get >>> the following when trying to start MailScanner: >>> >>> --------------------------------------------------------------------------------------------------------- >>> >>> >>> [root@www log]# service MailScanner start >>> Starting MailScanner daemons: >>> incoming sendmail: Warning: Option: AuthOptions requires >>> SASL support (-DSASL) >> Look for AuthOptions in /etc/mail/sendmail.cf. Try commenting it out >> completely. > > Ok, I'll do that next. >>> /): No such file or directoryspool/mqueue.in >> Did it really say that? If so, you've screwed up /var/spool/mqueue.in >> somewhere. Check it printed exactly this. You should have a >> /var/spool/mqueue.in directory with the same permissions as >> /var/spool/mqueue. > Yep, that's exactly what it said and I do have both directorys with the > same permissions. When I tell it to stop MailScanner I get the > following line: > > : No such file or directoryne 315: cd: /var/spool/MailScanner/incoming > > but there is a /var/spool/MailScanner/incoming folder also. I can stop > MailScanner and start sendmail and I can receive mail again. But once I > stop > sendmail and start MailScanner my mail stops coming in again. >>> >>> [OK] >>> outgoing sendmail: Warning: Option: AuthOptions requires >>> SASL support (-DSASL) >>> >>> [OK] >>> >>> MailScanner >>> [OK] >>> [root@www log]# >>> >>> ---------------------------------------------------------------------------------------------------------- >>> >>> >>> There are no errors in the maillog file everything appears to start >>> normally. I have checked the >>> folders and permissions in /var/spool and all seems OK there as well >>> as the path in >>> MailScanner.conf to both incoming and outgoing queues. >>> >>> Any suggestions? I'm stumped. >>> >>> Thanks. >>> >> > > Thanks for the help. > Tim > It looks like there is something wrong in your MailScanner.conf file. Read it carefully from top to bottom. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Edge at twu.ca Thu Feb 2 01:08:58 2006 From: Edge at twu.ca (Richard Edge) Date: Thu Feb 2 01:09:19 2006 Subject: ALL_TRUSTED problems Message-ID: Nope, it gives no errors there either. With the -D option is gives me the same information as previous. Another odd thing is that -D --lint seems to respond to changes of "use_pyzor 0" to "use_pyzor 0" and back as does "use_dcc 0" to "use_dcc 1". The -D --lint turns these functions off and on as they should but I don't see any reference to these tests in the maillog either. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Wednesday, February 01, 2006 4:41 PM To: MailScanner discussion Subject: Re: ALL_TRUSTED problems On 01/02/06, Richard Edge wrote: > If I change the line: > > Score ALL_TRUSTED 0 > > To: > > core ALL_TRUSTED > > Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint" > gives me a: > > [22778] warn: config: failed to parse line, skipping: core ALL_TRUSTED > 0 [22778] warn: lint: 1 issues detected, please rerun with debug > enabled for more information > Um, does it carp if you don't specify "-p /etc/mail/mailscanner.cf " too? You shouldn't need use it as a preference file anymore, since it should be part of the site rules... A plain "spamassassin --lint" should suffice. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Edge at twu.ca Thu Feb 2 01:13:20 2006 From: Edge at twu.ca (Richard Edge) Date: Thu Feb 2 01:15:04 2006 Subject: ALL_TRUSTED problems Message-ID: Sorry. A typo on my part. It is actually in /etc/mail/spamasassin. I guess I was using the -p which was mentioned in some docs from an earlier version of MailScanner and SA that I was using. As I mentioned in another email, 'spamassassin -D --lint' gives me the same output as previously reported here. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: Wednesday, February 01, 2006 4:59 PM To: MailScanner discussion Subject: Re: ALL_TRUSTED problems Glenn Steen wrote: > On 01/02/06, Richard Edge wrote: >> If I change the line: >> >> Score ALL_TRUSTED 0 >> >> To: >> >> core ALL_TRUSTED >> >> Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint" >> gives me a: >> >> [22778] warn: config: failed to parse line, skipping: core >> ALL_TRUSTED 0 [22778] warn: lint: 1 issues detected, please rerun >> with debug enabled for more information >> > > Um, does it carp if you don't specify "-p /etc/mail/mailscanner.cf " > too? You shouldn't need use it as a preference file straws:-)> anymore, since it should be part of the site rules... A > plain "spamassassin --lint" should suffice. > Erm, what on earth is mailscanner.cf doing in /etc/mail/?? it belongs in /etc/mail/spamassassin or /etc/spamassassin, or some other directory containing the word "spamassassin" depending on how your SA is configured. Realistically you should *NEVER*, EVER under any condition use -p to point to any site-level file. It should only point to a user level file. Mailscanner.cf is NOT a user level file. The whole reason mailscanner.cf was created was to ensure it was NOT used as a user prefs file. mailscanner.cf contains options that are ONLY valid at the site-wide level. Do NOT pass this -p. It belongs in the SA site-config directory so SA always parses it, and to make sure that SA correctly parses it. If it's not in the site config directory, SA won't parse it when mailscanner runs. New versions of Mailscanner do NOT pass mailscanner.cf as a user prefs file, thus by adding -p you are changing the behavior of spamassassin to be different than what Mailscanner does with it. I know this is contrary to how old versions of MS worked. In old versions, spam.assassin.prefs.conf was passed as a user_prefs replacement. However, This file kept pushing options in which are only valid at the site level. It also pushed options such as bayes_path which need to be passed to all instances of sa on the system, such as sa-learn. After some prodding, Julian finally created MailScanner.cf, a file to be placed alongside local.cf and other site-wide config files. This way any call to SA automatically parses this file. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mhw at WittsEnd.com Thu Feb 2 01:58:49 2006 From: mhw at WittsEnd.com (Michael H. Warfield) Date: Thu Feb 2 01:59:18 2006 Subject: Attachment Warnings - End of Line Behavior Changed (CR, LF) In-Reply-To: <43E0D70F.9080804@USherbrooke.ca> References: <6a4915590601301601s5399fd75jabf461d86eaf5d71@mail.gmail.com> <6a4915590602010730t3055651elef164558540cee58@mail.gmail.com> <43E0D70F.9080804@USherbrooke.ca> Message-ID: <1138845529.4025.80.camel@canyon.wittsend.com> On Wed, 2006-02-01 at 10:43 -0500, Denis Beauchemin wrote: > Marco Radzinschi wrote: > > Hello: > > I noticed that the CR/LF behavior has changed in the newest version of > > MailScanner (4.49) from DOS (LF only) to Unix-type text files > > (+) for the generated attachment warnings. > DOS = CR+LF, Unix/Linux = LF > > I treid removing the excess characters in the report templates > > myself, but I noticed that the Perl script still appends to the report > > templates with +, which makes it appear mangled on a GroupWise > > system running on Windows. > > I did not see a configuration option for this, so I am assuming that > > it is hard-coded somewhere in the script, or in one of the external > > modules that the script uses. Does anyone know how to change this > > behavior? > This has been discussed previously (about 1-2 weeks ago). It is > probably a bug in MIME::Tools IIRC. Some people were supposed to talk > to the developer to get a fix. Don't know how it turned out... Turns out it's far worse than we imagined. It's not really a "bug" in MIME::Tools per se. Rather, it's an ambiguity in the entire quoted-printable encoding on top of the issues of LF vs CR/LF. Some of that's all the way down in the core Perl MIME stuff below MIME::Tools. By re-encoding MIME attachments, we may end up with the entire encoded attachment altered even though the canonical text remains the same. This is a big no-no for signed attachments and that's what Julian is referring to as a big problem that's being worked on. I suspect I dumped a rather odious hairball in his lap over the whole PGP/MIME / S/MIME mess of which the eol line termination endings are only a minor part. Fixing MIME::Tools turns out not to fix any of it. But some hooks into MIME::Tools for saving the encoded parts by be the workaround for both problems. Work in progress... ITMT... Turn off "Sign Clean Messages". > Denis > -- > _ > ?v? Denis Beauchemin, analyste > /(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x2252 F: 819.821.8045 Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/ad4e2b15/attachment.bin From Carl.Andrews at crackerbarrel.com Thu Feb 2 02:27:55 2006 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Thu Feb 2 02:28:52 2006 Subject: Password Protected PDFs Message-ID: <18BAD67B3136234285A06EB137C5CBD102F9ED29@exchange03.CBOCS.com> Sorry this would be important: Virus Scanners = clamav bitdefender sophos MailScanner Version: 4.5.10 Thanks again! -----Original Message----- From: Andrews Carl 448 Sent: Wednesday, February 01, 2006 8:19 PM To: 'MailScanner discussion' Subject: Password Protected PDFs I am having a problem allowing password protected PDFs in from an address to an address using a ruleset. The ruleset works great, if I put the lines in the virus.scanning.rules file. I tried the Allow Password-Protected Archives option, but PDFs are not achives and so mailscanner, correctly, ignores that rule. The log file shows "MailScanner [####]: Viruses marked as silent: Password protected file .", so this is a virus setting but I can not find it. Could someone tell me what option I need to point to my ruleset or do I have to use the virus.scanning.rules? Thanks! Carl From Carl.Andrews at crackerbarrel.com Thu Feb 2 02:18:56 2006 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Thu Feb 2 08:50:03 2006 Subject: Password Protected PDFs Message-ID: <18BAD67B3136234285A06EB137C5CBD102F9ED28@exchange03.CBOCS.com> I am having a problem allowing password protected PDFs in from an address to an address using a ruleset. The ruleset works great, if I put the lines in the virus.scanning.rules file. I tried the Allow Password-Protected Archives option, but PDFs are not achives and so mailscanner, correctly, ignores that rule. The log file shows "MailScanner [####]: Viruses marked as silent: Password protected file .", so this is a virus setting but I can not find it. Could someone tell me what option I need to point to my ruleset or do I have to use the virus.scanning.rules? Thanks! Carl From MailScanner at ecs.soton.ac.uk Thu Feb 2 08:57:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 08:57:44 2006 Subject: SQLite and postfix... In-Reply-To: <223f97700602011346p327e1b06y@mail.gmail.com> References: <223f97700602010923w68b73106l@mail.gmail.com> <223f97700602011216x753fafccx@mail.gmail.com> <43E126BC.3020108@ecs.soton.ac.uk> <223f97700602011346p327e1b06y@mail.gmail.com> Message-ID: <6F3A6C09-CC53-435F-A432-8CAB51A0ACDD@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 1 Feb 2006, at 21:46, Glenn Steen wrote: > On 01/02/06, Julian Field wrote: >> Glenn Steen wrote: >>> ---------- Forwarded message ---------- >>> From: Glenn Steen >>> Date: 01-Feb-2006 18:23 >>> Subject: SQLite and postfix... >>> To: MailScanner@lists.mailscanner.info >>> >>> >>> Just a note, if this hasn't been covered already: >>> >>> Updated to the latest stable (4.50.14) on my prod machine running >>> postfix...It's a Mdv 10.2, so I used that rpm method. >>> >>> Apparantly the SQLite db got created during install, with only >>> user rw >>> perms... and a "non-postfix" user. This made MailScanner loop during >>> startup (all the children died immediately). Running --debug >>> complained about line 172 in SA.pm, which happen to be an >>> operation on >>> the SQLite, so ... eventually led me right:-). >>> >>> Simple fix is to remove the file >>> /var/spool/MailScanner/incoming/SpamAssassin.cache.db and do >>> "service >>> MailScanner restart" ... and a pristine file with the correect >>> perms/owner get created. One could've just changed the owner, of >>> course:-). >>> >>> Other than that, it looks to be _really_ nice... and fast. >> The db file shouldn't be created by the installation. Are you sure >> you >> didn't run it at all before setting the Run As User? > > Yeah, pretty sure. It was an upgrade, not an install... So MailScanner > was already set for the postfix user, and yes... I did do the > suggested upgrade of conf file (and triple checked with diff and > reading the file from top to bottom and --linting) before restarting > the MailScanner service and putting in the first message (via > telnet)... Immediately noted a few processes, and the > message just sat there... So I don't think it was anything like that. > I'll probably get to redo the upgrade tomorrow (on the other server), > and will be sure to take better notes then. > Come to think of it, I might have done a "MailScanner --lint" before > upgrading the MailScanner.conf file... It complained about the > spurious spam.assassin.prefs.conf line, IIRC... But it should still > have switched into "postfix" user, right? Or did that prevent it from > using it, then perform the spam cache query ... which then created the > bum file? > I'll try retrace my steps tomorrow and see what gives. You are exactly right. I guess I should move the "change user" code a bit. 4.50.14-2 produces a proper error message in this situation now, it doesn't just die. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HJgfw32o+k+q+hAQENbQgAtFjZ9L5tJ7jsc31jUvD8SdO6UxzZRmrc ph8gg3olHJp3hF42BVuQGDgFdv0MHthV+m5c1nx0SMai+wF505rOz43UvrQw8DQJ PcyIr3pH972SaAzBnnSLRZuhHnI+OCmZV02NkzqjhF5++81I8D1ExW40jdoHkrk/ r9xBH78eO6TciKtF8hYl72CnWN7+Fgyd/tFdwp35RpNa+6L/cDZscms3UZITFz7F zEUE+X/ige/I0EE611B6EKCg/vp3CEDFXNlfh9AGI1bgBRL9NzDLqGPXkQDoLNWC NWxtrca2fDj0yFoNCe21BD/87Uie5RjYjLVVqMFztq2thHagkLPyPA== =0QHj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 08:58:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 08:58:20 2006 Subject: Downloading the latest update :-) In-Reply-To: <43E12D2E.2070106@haigmail.com> References: <43E12132.5060402@haigmail.com> <43E1293C.5020503@ecs.soton.ac.uk> <43E12D2E.2070106@haigmail.com> Message-ID: <77EB9F6B-9FC6-48BE-B4CD-DD5BF130880F@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 1 Feb 2006, at 21:50, Lance Haig wrote: > * PGP Signed by an unknown key: 02/01/06 at 21:50:38 > > I have an error in my Mailscanner --lint command > > mailhost:~ # MailScanner --lint > Possible syntax error on line 19 of /etc/MailScanner/ > filename.rules.conf > at /usr/lib/MailScanner/MailScanner/Config.pm line 1274 > Remember to separate fields with tab characters! at > /usr/lib/MailScanner/MailScanner/Config.pm line 1276 > Read 710 hostnames from the phishing whitelist > Config: calling custom init function SQLBlacklist > Config: calling custom init function MailWatchLogging > Config: calling custom init function SQLWhitelist > Checking SpamAssassin errors (if you use it), this may take some > time... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > MailScanner.conf says "Virus Scanners = clamavmodule bitdefender" > Found these virus scanners installed: bitdefender, clamavmodule > > I have checked the file and all fields are seperated by tabs so I am a > bit confused. > > Can anyone shed some light? Exactly what does line 19 of that file say? > > Lance > > Julian Field wrote: >> Lance Haig wrote: >>> Is it easier to download the SA clam package from Julians site to >>> update >>> clam or would it be better to just update clam from the clam site? >>> >>> I don't want to lose the clamavmodule part of the install as I >>> have had >>> problems installing it in the past. >>> >>> I have SA 3.1 and Clamav 87 on suse 9.3 >>> >> I would do my package. It will upgrade Clam then rebuild Mail::ClamAV >> and link it against the Clam it just built. >> More reliable in my view. >> >> I don't like building perl modules that call C libraries without >> knowing >> I had the latest C library when it was linked together. >> > > * Unknown Key > * 0x8059EB58 (L) > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HJpvw32o+k+q+hAQFjUwf/U5FSUkloeDhKrZkzLukadbH5Ayuo6CBi YHkfj7DXBt14KCQqCUDpKuhjwTRVPc4bbcrzL3vzsYGO137ArtqFQYvEQiRuZnj1 f2ostkcWcoeamABoS72LMimoGE/lHUZmKI34whJOrMHa8KnMRSFtHEzQvmLh1hUV J1Mh1qHqPs7UVtwff1LqWipCT4JLDuaiNz3U1FNAEdBQ1jzdONtrH9w5RXWkUZ0K u8C2nPd9NZK3YCBUyx7QufVGQ5oqENyinP3OjjLv8ylz26xtkYJiUw+BQneqaDDX zEZ3NGD5y42nvCGOxIqcvp64i4jM+mw154AvaRbzutDugWGWpT0MTw== =iqcP -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 09:00:25 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 09:00:37 2006 Subject: Having trouble with mqueue.in In-Reply-To: <43E12E21.7080002@noacon.com> References: <43E122C3.20705@noacon.com> <43E129E4.1040304@ecs.soton.ac.uk> <43E12E21.7080002@noacon.com> Message-ID: <4AC3267C-BD78-4C9A-AAFD-B82B100C5FBB@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 1 Feb 2006, at 21:54, Tim Grooms wrote: > Julian Field wrote: >> >> Tim Grooms wrote: >>> Installed MailScanner-4.50.14-1 and ClamAV/SpamAssassin today >>> from the rpm files >>> MailScanner-4.50.14-1.rpm.tar.gz and >>> install-Clam-SA.tar.gz >>> >>> Everything seemed to work fine in the installs. Ran >>> upgrade_MailScanner_conf and >>> upgrade_languages.conf and those seemed to go ok as well. >>> >>> I am using Fedora Core 4 and sendmail. I cannot get incoming >>> mail to come through and get >>> the following when trying to start MailScanner: >>> >>> -------------------------------------------------------------------- >>> ------------------------------------- >>> >>> [root@www log]# service MailScanner start >>> Starting MailScanner daemons: >>> incoming sendmail: Warning: Option: AuthOptions >>> requires SASL support (-DSASL) >> Look for AuthOptions in /etc/mail/sendmail.cf. Try commenting it >> out completely. > > Ok, I'll do that next. >>> /): No such file or directoryspool/mqueue.in >> Did it really say that? If so, you've screwed up /var/spool/ >> mqueue.in somewhere. Check it printed exactly this. You should >> have a /var/spool/mqueue.in directory with the same permissions >> as /var/spool/mqueue. > Yep, that's exactly what it said and I do have both directorys with > the same permissions. When I tell it to stop MailScanner I get the > following line: > > : No such file or directoryne 315: cd: /var/spool/MailScanner/incoming > > but there is a /var/spool/MailScanner/incoming folder also. I can > stop MailScanner and start sendmail and I can receive mail again. > But once I stop > sendmail and start MailScanner my mail stops coming in again. >>> >>> [OK] >>> outgoing sendmail: Warning: Option: AuthOptions >>> requires SASL support (-DSASL) >>> >>> [OK] >>> >>> MailScanner >>> [OK] >>> [root@www log]# >>> >>> -------------------------------------------------------------------- >>> -------------------------------------- >>> >>> There are no errors in the maillog file everything appears to >>> start normally. I have checked the >>> folders and permissions in /var/spool and all seems OK there as >>> well as the path in >>> MailScanner.conf to both incoming and outgoing queues. I still think it is to do with the ownership of /var/spool/ MailScanner/incoming. Can the "Run As User" read all the directories down from / to /var/spool/MailScanner/incoming? It needs to be able to read them all or MailScanner won't be able to reach the dir. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HKLPw32o+k+q+hAQFF0Qf/QEv5N9GuZjy/yU1Rlv9jAGqPnW7frZvQ rcG31v/PdMb0PAYhEsiRQzEylvH+caLEVGdY4leqSt39q06Zc8WCU9SVsmVQYfFB lKq+YGUqPn5rR7I4YBdubfHgHHQrJepWX62oK0zj3tWbcPf5MZyKkdJ2YqcKEj5E sfr2NL/2o+2ca7m34aAIYFi1VXdxf1oR6IiuEnz//CUd0mxYVHIWLsW2S3VmJH/f a2mED9nko9dh8U4m3JKau2/znfpXNEXE8P8+skTEW4LyPeH6dIy90Yzq+hN0eOh9 LhQ0hV5qrNUnP7IG3y/ohIJPr07gwd2tuhAewHrC6oKIev8zAjQF+A== =d/bO -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 09:02:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 09:02:44 2006 Subject: Cannot install DBI with MS 4.50.14 In-Reply-To: <20060201220412.GA10311@gbcomputers.com> References: <20060201182512.GA30959@gbcomputers.com> <43E124E4.6070907@ecs.soton.ac.uk> <20060201220412.GA10311@gbcomputers.com> Message-ID: <6CA19CF5-E8DB-4855-BBC3-3DD2B3D8A136@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- What version of perl are you running? On 1 Feb 2006, at 22:04, Gregg Berkholtz wrote: > > ********************************************************************** > **** > Perl versions below 5.6.1 are no longer supported by the DBI. > Perl versions 5.6.x may fail during installation with a complaint > about the use of =head3 in the pod documentation. > Press return to continue... > ********************************************************************** > **** > > On Wed, Feb 01, 2006 at 09:15:16PM +0000, Julian Field wrote: >> Do >> >> perl -MCPAN -e shell >> install Storable >> quit >> >> Make sure it doesn't start upgrading your entire Perl installation, >> thump Ctrl-C like crazy if it does! >> >> Then try running the install.sh again. >> >> Gregg Berkholtz wrote: >>> It appears I cant install DBI as I'm getting the following error >>> after >>> running >>> MailScanner's install.sh on a Debian 3.0 system. Any assistance >>> is greatly >>> appreciated: >>> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HKrfw32o+k+q+hAQGPcggAuUuAKLAgEDWoELnUxfSCifBTt6SEuC7i ftDx2M3uUpIP6TvlM8UHd0QTUDwrUYfF5rHzD2WQiQ4+7GT3bHqLWfAufSVurs41 t4PDef68xPCY3iViWVkpCkEm26nz3WSsykVVOAQSrSy8+xDQy1uZPbhZ9K6QURMi eGUKdQcQ3MOIPW6ywR84ZQT8Oy9jZgSDbkWIj27X98y1MvpBtzajsNrjaKgwbHP2 gKX7CVZl0JEeVlMq25/POdeuhnmdKhGxEQQasGB++MmCaJBpsZxG8L/z+Q7kn6z8 LYf57Zg8n96iM6Mj0Oj/MEdZVelB/mRbERiQvIncPPwW6Ox3qjlpBg== =t9IK -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 09:05:45 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 09:05:54 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: <43E1382D.8010603@haigmail.com> References: <43E1382D.8010603@haigmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 1 Feb 2006, at 22:37, Lance Haig wrote: > * PGP Signed by an unknown key: 02/01/06 at 22:37:33 > > I have a problem after upgrading. > > My MS is very slow processing mail. I have sent test text messages to > the system and they take between 28 to 31 seconds to process > > here is a snippet of the log Can anyone lead me in the right direction > to see why this is so low? I would suspect a SpamAssassin problem. Run MailScanner --debug --debug-sa and see if it pauses anywhere at all. > > Thanks > > Lance > > Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Found 2 > messages > waiting > Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Scanning 1 > messages, 2009 bytes > Feb 1 22:56:27 mailhost MailScanner[2384]: Spam Checks: Starting > Feb 1 22:56:54 mailhost MailScanner[2384]: Virus and Content > Scanning: > Starting > Feb 1 22:56:55 mailhost MailScanner[2384]: Uninfected: Delivered 1 > messages > Feb 1 22:56:55 mailhost MailScanner[2384]: Batch processed in > 27.65 seconds > Feb 1 22:56:55 mailhost MailScanner[2384]: Logging message > k11MuMV5003084 to SQL > Feb 1 22:56:55 mailhost MailScanner[2384]: "Always Looked Up Last" > took > 0.00 seconds > Feb 1 22:56:55 mailhost sendmail[3114]: k11MuMV5003084: > to=, delay=00:00:28, xdelay=00:00:00, > mailer=esmtp, pri=121508, relay=[194.143.190.32] [194.143.190.32], > dsn=2.0.0, stat=Sent (OK) > Feb 1 22:56:55 mailhost MailScanner[26335]: k11MuMV5003084: Logged to > MailWatch SQL > Feb 1 22:56:56 mailhost MailScanner[2292]: Virus and Content > Scanning: > Starting > Feb 1 22:56:58 mailhost MailScanner[2292]: Uninfected: Delivered 1 > messages > Feb 1 22:56:58 mailhost MailScanner[2292]: Batch processed in > 34.43 seconds > Feb 1 22:56:58 mailhost MailScanner[2292]: Logging message > k11MuM6S003085 to SQL > Feb 1 22:56:58 mailhost MailScanner[2292]: "Always Looked Up Last" > took > 0.00 seconds > Feb 1 22:56:58 mailhost MailScanner[26335]: k11MuM6S003085: Logged to > MailWatch SQL > Feb 1 22:56:59 mailhost sendmail[3122]: k11MuM6S003085: > to=, delay=00:00:37, xdelay=00:00:01, > mailer=esmtp, > pri=121504, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, > stat=Sent (OK) > Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: > from=, size=4772, > class=-30, > nrcpts=1, msgid=<43E12E21.7080002@noacon.com>, proto=ESMTP, > daemon=MTA, > relay=bkserver.blacknight.ie [83.98.166.45] > Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: > to=, delay=00:00:00, mailer=esmtp, pri=88772, > stat=queued > Feb 1 22:57:19 mailhost MailScanner[993]: New Batch: Scanning 1 > messages, 5347 bytes > Feb 1 22:57:19 mailhost MailScanner[993]: Spam Checks: Starting > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > spam > in language translation file /etc/MailScanner/reports/en/ > languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > notspam in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Whitelist refresh time > reached > Feb 1 22:57:19 mailhost MailScanner[993]: Starting up SQL Whitelist > Feb 1 22:57:19 mailhost MailScanner[993]: Read 8 whitelist entries > Feb 1 22:57:19 mailhost MailScanner[993]: Message k11MvIXH003138 from > 83.98.166.45 (mailscanner-bounces@lists.mailscanner.info) is > whitelisted > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > mailscanner in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > unreadablearchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > passwordedarchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > archivetoodeep in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Virus and Content Scanning: > Starting > Feb 1 22:57:20 mailhost MailScanner[993]: Looked up unknown string > mailscanner in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:20 mailhost MailScanner[993]: Uninfected: Delivered 1 > messages > Feb 1 22:57:20 mailhost MailScanner[993]: Batch processed in 1.31 > seconds > Feb 1 22:57:20 mailhost MailScanner[993]: Logging message > k11MvIXH003138 to SQL > Feb 1 22:57:20 mailhost MailScanner[993]: "Always Looked Up Last" > took > 0.00 seconds > Feb 1 22:57:20 mailhost MailScanner[26335]: k11MvIXH003138: Logged to > MailWatch SQL > Feb 1 22:57:20 mailhost sendmail[3147]: k11MvIXH003138: > to=, delay=00:00:02, xdelay=00:00:00, > mailer=esmtp, > pri=178772, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, > stat=Sent (OK) > > * Unknown Key > * 0x8059EB58 (L) > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HLbPw32o+k+q+hAQEAoAf/ROst8Ftq5KOWGrcoUdaJ+AhZDDkWs00n k28js+z49OO5pIieo7Z720+rPiAKur8MB11dY6fibvfQtTXqMNu0JHhoNuC8KMcm mGvivqwe6Isl+9hOR91qhLZb10Svc1A1pq7yxh3EgolEUT3NCajP8P5Hfaj4Njj2 JP6fSRVu+4H2y64XgpZT1yvtJ305nhkOKkwHzo9eJN7QoJvtAdnOda4HrFALjUAG 8akqfD4SKlpfwmau06iNJ+pDyyCBGsvJE+yoEOVGuMRgpAXDb7MHF2lxMPQaIpZ7 12p8aZfONpG1YhsiILUaMpki2BN8eZlhef2TkNlKQgr0RgjSChLywA== =epWc -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 09:09:24 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 09:09:38 2006 Subject: mailscanner and perdomain white and blacklists In-Reply-To: <003f01c62787$c3f61370$0200a8c0@satellite> References: <003f01c62787$c3f61370$0200a8c0@satellite> Message-ID: <46930868-3367-42BE-91FD-75B47F99B677@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 1 Feb 2006, at 23:32, Dave wrote: > Hello, > I've got a mailscanner install with sendmail. It's working fine > and it's working for multiple users. Now i'm getting requests from > user a to add a username/domain to a blacklist file and user b to > add another username/domain to a whitelist file. These i'm thinking > should be separate as they are separate domains. This is on an fc4 > box. Is this doable, any help appreciated. > Thanks. > Dave. Blacklist or whitelist in what sense? You basically just need a couple of rulesets, one for your blacklist and one for your whitelist. There is already a spam.whitelist.rules which you can use as a sample from which to create and use a spam.blacklist.rules file. Look in MailScanner.conf for spam.whitelist.rules and you will see how to refer a setting to a rules file. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HMSPw32o+k+q+hAQFcjgf/b7C67K+nPF2k5yRxvHN4rmRhxSQuV+Eo ALqzDcgMPMNSnHGBTC2S0C+XPgzx0Fa3RIMzw7vMIHDuL6O5Gme4C2Hco4B6+taX vKISOpZ3mWI0HVWPYfytXBZwCBYG0MJBrIXDOr5pH/+R2HRxfQ0UGRkt63nojNiH D668v55qOGNMjxGx0JR9qLJNQhxtFaGMBvmZ8D5j74B1H+UX/yhL15hXgvST1lyO rQgiX+Fmc4ZIFhgc6G362AC5iSIh2ebXrYnyo9mt2Jdzu2KTScZjR7A0xKiPWOf5 uVmaHMRFV8TVe+068DKrdpnT0l9BDGuwW1aFznE5vAk2hCL3rz6jTA== =2N0u -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 09:13:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 09:13:24 2006 Subject: Password Protected PDFs In-Reply-To: <18BAD67B3136234285A06EB137C5CBD102F9ED28@exchange03.CBOCS.com> References: <18BAD67B3136234285A06EB137C5CBD102F9ED28@exchange03.CBOCS.com> Message-ID: <1078D40C-8439-4B96-BF88-83D34EFA1B6C@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 02:18, Andrews Carl 448 wrote: > I am having a problem allowing password protected PDFs in from an > address to an address using a ruleset. The ruleset works great, if > I put the lines in the virus.scanning.rules file. I tried the Allow > Password-Protected Archives option, but PDFs are not achives and so > mailscanner, correctly, ignores that rule. The log file shows > "MailScanner [####]: Viruses marked as silent: Password protected > file .", so this is a virus setting but I can not find it. Could > someone tell me what option I need to point to my ruleset or do I > have to use the virus.scanning.rules? Take a look at the "Allowed Sophos Error Messages" setting. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HNIPw32o+k+q+hAQFB9wgAsvcJ8EQv2Off/jIHK+2rvY/+PZl1VIfU aVgHWh0YE94jr5Fua+AZRer599JdOCI1Zh/Qr4T/L50LhqzVvpQVKzyc+lKMB7Dz Yl29XW2l2L69SJ5oBQlYw1jcnxlhK5adPaPJiGorRbGtna8RjZlx8LvvvHSkHTh3 V8A8qQ/10L2OPglyvLuQZfxxR72jxHM2e4TIYtZvXHTuJdiZaYIHTWMNrUr5TWCq VaNDmmkPlLpIJ0bM77KG7iW3RMmBdFKBW4qaB+JElQjD4KC0sgst1ge3UxWA7JE+ LXQvg+mflx2v0Kd6hfVs9Z4GjHcdWDNH2Q2qEt/12zIvHufdLPd3nw== =RL57 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From C.P.Mills at cranfield.ac.uk Thu Feb 2 09:22:17 2006 From: C.P.Mills at cranfield.ac.uk (Mills Mr C P) Date: Thu Feb 2 09:24:46 2006 Subject: Password protected files - not zips Message-ID: <8612FDC208266E419168366E1D2E3B797B0FD8@CranfieldMail.shrivenham.cranfield.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3094 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060202/5b2cabc9/smime.bin From glenn.steen at gmail.com Thu Feb 2 09:37:00 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 2 09:37:03 2006 Subject: SQLite and postfix... In-Reply-To: <6F3A6C09-CC53-435F-A432-8CAB51A0ACDD@ecs.soton.ac.uk> References: <223f97700602010923w68b73106l@mail.gmail.com> <223f97700602011216x753fafccx@mail.gmail.com> <43E126BC.3020108@ecs.soton.ac.uk> <223f97700602011346p327e1b06y@mail.gmail.com> <6F3A6C09-CC53-435F-A432-8CAB51A0ACDD@ecs.soton.ac.uk> Message-ID: <223f97700602020137x6e5d2be6i@mail.gmail.com> On 02/02/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 1 Feb 2006, at 21:46, Glenn Steen wrote: > (snip) > > Come to think of it, I might have done a "MailScanner --lint" before > > upgrading the MailScanner.conf file... It complained about the > > spurious spam.assassin.prefs.conf line, IIRC... But it should still > > have switched into "postfix" user, right? Or did that prevent it from > > using it, then perform the spam cache query ... which then created the > > bum file? > > I'll try retrace my steps tomorrow and see what gives. > > You are exactly right. > I guess I should move the "change user" code a bit. > > 4.50.14-2 produces a proper error message in this situation now, it > doesn't just die. Good, both that it's found and that it's handled. Thank you. (I'm having yet another hectic day, so... really would have been hard pressed for time to try get you more info:-) Regarding moving the root cause, one could of course just "solve" it in documentation. But it's probably better to not have to resort to that:-). Again, thanks for your hard work! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Feb 2 09:44:19 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 2 09:44:22 2006 Subject: Problems starting after upgrading to 4.50.14 In-Reply-To: References: <223f97700602011525t27264a64o@mail.gmail.com> Message-ID: <223f97700602020144r5f726c69u@mail.gmail.com> On 02/02/06, David Curtis wrote: > > > [root@sbschools dns]# ls -la /var/spool/MailScanner/incoming/ > total 8 > drwxrwxrwx 2 postfix postfix 4096 Feb 1 16:07 . > drwxr-xr-x 4 root root 4096 Oct 10 15:12 .. > > Thanks, > Dave > In a parallell thread, Julian mentioned something worth checking... The allowing perms on the target directory might be "masked" by directories higher up... So do the following: su - postfix --shell=/bin/bash touch /var/spool/MailScanner/incoming/test If this fails, then there we might have your problem... You'll have to check all the "intervening" directories from / on down to incoming, in that case. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From wmcdonald at gmail.com Thu Feb 2 09:53:08 2006 From: wmcdonald at gmail.com (Will McDonald) Date: Thu Feb 2 09:53:11 2006 Subject: sendmail greet_pause feature In-Reply-To: References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> Message-ID: <1f8fae340602020153i1a1b061h@mail.gmail.com> On 01/02/06, Julian Field wrote: > On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 > needs flock. Is locking autodetecting, if you see what I mean? In the MailScanner.conf it says... # How to lock spool files. # Don't set this unless you *know* you need to. # For sendmail, it defaults to "flock". # For sendmail 8.13 onwards, you will probably need to change it to posix. # For Exim, it defaults to "posix". # No other type is implemented. Lock Type = Does MailScanner *know* I'm running 8.13 or should I force posix locking? Will. From MailScanner at ecs.soton.ac.uk Thu Feb 2 09:58:57 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 09:59:07 2006 Subject: SQLite and postfix... In-Reply-To: <223f97700602020137x6e5d2be6i@mail.gmail.com> References: <223f97700602010923w68b73106l@mail.gmail.com> <223f97700602011216x753fafccx@mail.gmail.com> <43E126BC.3020108@ecs.soton.ac.uk> <223f97700602011346p327e1b06y@mail.gmail.com> <6F3A6C09-CC53-435F-A432-8CAB51A0ACDD@ecs.soton.ac.uk> <223f97700602020137x6e5d2be6i@mail.gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 09:37, Glenn Steen wrote: > On 02/02/06, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> On 1 Feb 2006, at 21:46, Glenn Steen wrote: >> > (snip) >>> Come to think of it, I might have done a "MailScanner --lint" before >>> upgrading the MailScanner.conf file... It complained about the >>> spurious spam.assassin.prefs.conf line, IIRC... But it should still >>> have switched into "postfix" user, right? Or did that prevent it >>> from >>> using it, then perform the spam cache query ... which then >>> created the >>> bum file? >>> I'll try retrace my steps tomorrow and see what gives. >> >> You are exactly right. >> I guess I should move the "change user" code a bit. >> >> 4.50.14-2 produces a proper error message in this situation now, it >> doesn't just die. > Good, both that it's found and that it's handled. Thank you. (I'm > having yet another hectic day, so... really would have been hard > pressed for time to try get you more info:-) > > Regarding moving the root cause, one could of course just "solve" it > in documentation. But it's probably better to not have to resort to > that:-). 4.50.15 handles it better, if you are running "--lint" it changes user to "postfix" before trying to use the SpamAssassin cache db. So now you shouldn't get any permissions problems. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HX4/w32o+k+q+hAQE7BQgAlA9+x2ajMCE9g+fjLW3S5s74ldbzUOZa sKtc1dDvqWqQfyp8GvAo63wvg7PmgNkvmi9dN17HPqgSJcJYDf5kzdcYf8YcOwAN T3Slb+MziC+7ozhVRyXqShxFrDOj1sVaBdCSOMNzuLZnuDYL3HyeLWo7GLTOc1JX 0/y4ZEeYUVIgTgKjB4Kp/mAeQUhv9xyjzrt4KFOVCP68sFjmkL09utLrR6+XAtNp H53bda3Z0Cya4zfhrnfs0pfJABuQf3uVTkkl4sR6kEqCiywxXoUI9IhGUY+wvFSE bjCpQHo6kbpY5feQorrdUvh2cq6C/KPihKS/DO1vvaEUhDhgZHTczw== =1n+G -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 10:00:01 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 10:00:11 2006 Subject: Problems starting after upgrading to 4.50.14 In-Reply-To: <223f97700602020144r5f726c69u@mail.gmail.com> References: <223f97700602011525t27264a64o@mail.gmail.com> <223f97700602020144r5f726c69u@mail.gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 09:44, Glenn Steen wrote: > On 02/02/06, David Curtis wrote: >> >> >> [root@sbschools dns]# ls -la /var/spool/MailScanner/incoming/ >> total 8 >> drwxrwxrwx 2 postfix postfix 4096 Feb 1 16:07 . >> drwxr-xr-x 4 root root 4096 Oct 10 15:12 .. >> >> Thanks, >> Dave >> > In a parallell thread, Julian mentioned something worth checking... > The allowing perms on the target directory might be "masked" by > directories higher up... So do the following: > su - postfix --shell=/bin/bash > touch /var/spool/MailScanner/incoming/test > If this fails, then there we might have your problem... You'll have to > check all the "intervening" directories from / on down to incoming, in > that case. The error handling for this situation is a lot better in 4.50.15. If you are having trouble with .14 (and only if you are having trouble) it would be worth upgrading to .15. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HYI/w32o+k+q+hAQGrpAf/YJ7sgWFFGPrRkIGi7czOHSptIqgnmUX0 s487wiR7toGouAOSAIVEFO8vHXLeMgffYBZIwuGS3IHv7QR3aB+Gfn+aey4TxMOe uRZj5A9mZJN8WmCx1+Q1NshKOGGzi2Dzinuqwj1NEfqZqMvcURWttvmiFiTzS0cF L1eGFk/DxV6IoeU1g5/K+LhCHRDObTNRsmCgo+R3qqQf9SU6k1QxpkHyu3NyhZl1 eonX2rL0Ja1ni60D5caHhUk0o6qWPNIwDAZoem1dqVT43NLKJ2ij5A5JYpzpXP58 bPC8/Cfc0u59gnMo5CfleV8POPAlFnpIl3Ct0yIPXWn8weESdmupJw== =Eris -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From joost at waversveld.nl Thu Feb 2 10:02:16 2006 From: joost at waversveld.nl (Joost Waversveld) Date: Thu Feb 2 10:00:49 2006 Subject: sendmail greet_pause feature In-Reply-To: <1f8fae340602020153i1a1b061h@mail.gmail.com> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> Message-ID: <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> You must force posix locking... The standard will be flock locking. I thought Julian is thinking about changing the standard to posix, but at the moment the standard is still "flock" So it must be "Lock Type = posix" for you... ;) Joost Waversveld ----- Message from wmcdonald@gmail.com --------- Date: Thu, 2 Feb 2006 09:53:08 +0000 From: Will McDonald Reply-To: MailScanner discussion Subject: Re: sendmail greet_pause feature To: MailScanner discussion > On 01/02/06, Julian Field wrote: > >> On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 >> needs flock. > > Is locking autodetecting, if you see what I mean? In the > MailScanner.conf it says... > > # How to lock spool files. > # Don't set this unless you *know* you need to. > # For sendmail, it defaults to "flock". > # For sendmail 8.13 onwards, you will probably need to change it to posix. > # For Exim, it defaults to "posix". > # No other type is implemented. > Lock Type = > > Does MailScanner *know* I'm running 8.13 or should I force posix locking? > > Will. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ----- End message from wmcdonald@gmail.com ----- From a.peacock at chime.ucl.ac.uk Thu Feb 2 10:32:50 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu Feb 2 10:33:00 2006 Subject: sendmail greet_pause feature In-Reply-To: <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> Message-ID: <43E1DFD2.20708@chime.ucl.ac.uk> Hi, Joost Waversveld wrote: > You must force posix locking... The standard will be flock locking. I > thought Julian is thinking about changing the standard to posix, but at > the moment the standard is still "flock" > > So it must be "Lock Type = posix" for you... ;) Is this true for all OSs? I am using Sendmail 8.13 and the default locking on Solaris and I am not having any problems at all. I always thought the advice was only change this if you are having problems. I also recall that the requirement for posix locking is dependent on the OS. Grateful for any correction. > > Joost Waversveld > > ----- Message from wmcdonald@gmail.com --------- > Date: Thu, 2 Feb 2006 09:53:08 +0000 > From: Will McDonald > Reply-To: MailScanner discussion > Subject: Re: sendmail greet_pause feature > To: MailScanner discussion > > >> On 01/02/06, Julian Field wrote: >> >>> On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 >>> needs flock. >> >> Is locking autodetecting, if you see what I mean? In the >> MailScanner.conf it says... >> >> # How to lock spool files. >> # Don't set this unless you *know* you need to. >> # For sendmail, it defaults to "flock". >> # For sendmail 8.13 onwards, you will probably need to change it to >> posix. >> # For Exim, it defaults to "posix". >> # No other type is implemented. >> Lock Type = >> >> Does MailScanner *know* I'm running 8.13 or should I force posix locking? >> >> Will. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > ----- End message from wmcdonald@gmail.com ----- > > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From brian.okeeffe at kepak.com Thu Feb 2 11:57:17 2006 From: brian.okeeffe at kepak.com (Brian O'Keeffe) Date: Thu Feb 2 11:57:30 2006 Subject: sendmail greet_pause feature In-Reply-To: Message-ID: Thanks, for that, I implemented it yesterday and am noticing a difference, could anybody recommend a package for log monitoring so I can compare before and after implementation traffic? I'm using sendmail and MailScanner on debian woody. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jim Holland Sent: 01 February 2006 08:12 To: MailScanner mailing list Subject: OT: sendmail greet_pause feature Perhaps other sendmail users know all about this, but I have only looked at it for the first time. I run sendmail 8.13.1 and have decided to implement the greet_pause feature for the first time (after seeing that it is a default option in Debian installations). This requires a specified delay after connection, which can be network specific, before a client system is allowed to send any SMTP commands. Any client that breaks normal SMTP protocols by trying to force commands before receiving the go-ahead is immediately disconnected. This seems to distinguish very successfully between genuine mailers and spammers/viruses that are not RFC-compliant. Using a 5 second delay I have found that the system has blocked over 3200 connections in the first 24 hours I used it. The client systems were all typical of spammers, with adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR record at all. I found only four systems in the blocked group that looked as if they were genuine. On further investigation I found that earlier log records for some of those sites indicated behaviour typical of virus infections in any case. To implement the feature: Add the following to the sendmail.mc file: FEATURE(`greet_pause', `5000')dnl 5 seconds Rebuild sendmail and restart MailScanner: m4 < sendmail.mc > sendmail.cf service MailScanner restart Then specific entries for client hostname, domain, IP address or subnet can be put in the access file: GreetPause:my.domain 0 GreetPause:example.com 5000 GreetPause:10.1.2 2000 GreetPause:127.0.0.1 0 Definitely worth a look I would say, as it blocks large numbers of spammers before they are allowed to send any data, with very low risk of blocking genuine systems. It even seems to allow genuine mail from infected systems to be accepted while blocking viruses from those same systems before the DATA phase - as many viruses seem to behave rather impolitely :-) Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service -- MailScanner mailing list MailScanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.14.25/246 - Release Date: 30/01/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.14.25/246 - Release Date: 30/01/2006 From padma at eis.iisc.ernet.in Thu Feb 2 11:53:11 2006 From: padma at eis.iisc.ernet.in (padma@eis.iisc.ernet.in) Date: Thu Feb 2 12:03:49 2006 Subject: Is there a way to bypass mailscanner for local users on the server itself? Message-ID: Not Virus scanning, but I would like to bypass mailscanner itself for local users. Regards Padma ERNET Helpdesk From MailScanner at ecs.soton.ac.uk Thu Feb 2 12:15:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 12:15:19 2006 Subject: Is there a way to bypass mailscanner for local users on the server itself? In-Reply-To: References: Message-ID: <190F0BCB-7BF5-47A5-B56A-581AFACE58D8@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Read about rulesets, it is very easy to do this. See wiki.mailscanner.info/posting and it will point you towards the documentation. On 2 Feb 2006, at 11:53, padma@eis.iisc.ernet.in wrote: > > Not Virus scanning, but I would like to bypass mailscanner itself > for local users. > > > > Regards > Padma > ERNET Helpdesk > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+H30Pw32o+k+q+hAQEoxggAgteM23PrB/N8DMSFcuM9+oYVoJaIOHwA kGu0aYQzXRBNSgmqmiglV3h5JcaQP6MCtjXMdnx3uDxfil/0qGqChMFA/tbQVWDk 9UGRNY1w2cXJ+jjMRDH16SJcaxbsakJfw6ibfT6fNDbsZuepKJdyfuc8II9TpDXS 9lnLxzxt5zhsWWDwZleZBrlL/ZNG+4+e0+jBvB/9fYmwK6xhE33rX2GN+iqNF7o5 1UXccfzIwjU7Q4E8nUurxWIJWtahHNmVgsvKOLZF6rXg26dbML4Pqrt0kukp2ibo VLs0uqWHzMuKLAwbCBe/8+8MvylZcV3WxLd6Grh5mtO3FurQGw3yBg== =oB3l -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jaearick at colby.edu Thu Feb 2 12:16:48 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Feb 2 12:16:53 2006 Subject: Is there a way to bypass mailscanner for local users on the server itself? In-Reply-To: References: Message-ID: Do you mean bypass spam filtering? then define a ruleset for Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules Where this ruleset has something like: From: 137.146. yes From: 127.0.0.1 yes FromOrTo: default no 137.146. is my netblock. I actually have this commented out; the only IP I whitelist is loopback. Jeff Earickson Colby College On Thu, 2 Feb 2006, padma@eis.iisc.ernet.in wrote: > Date: Thu, 2 Feb 2006 17:23:11 +0530 (IST) > From: padma@eis.iisc.ernet.in > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Is there a way to bypass mailscanner for local users on the server > itself? > > > Not Virus scanning, but I would like to bypass mailscanner itself for local > users. > > > > Regards > Padma > ERNET Helpdesk > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From dhawal at netmagicsolutions.com Thu Feb 2 12:18:36 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Feb 2 12:18:27 2006 Subject: Is there a way to bypass mailscanner for local users on the server itself? In-Reply-To: References: Message-ID: <43E1F89C.500@netmagicsolutions.com> padma@eis.iisc.ernet.in wrote: > > Not Virus scanning, but I would like to bypass mailscanner itself for > local users. > > Regards > Padma > ERNET Helpdesk Use a ruleset for this option "Scan Messages" in MailScanner.conf, this was introduced in MailScanner versions > 4.44.x - dhawal From martinh at solid-state-logic.com Thu Feb 2 12:20:41 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Feb 2 12:21:08 2006 Subject: Is there a way to bypass mailscanner for local users on the server itself? In-Reply-To: Message-ID: <00d801c627f3$174175e0$3004010a@martinhlaptop> Padma In MailScanner.conf theres a setting "Scan Messages" which can be used to call a ruleset which can not scan for certain email addresses. There's a nice example just above this setting on how to do this. HOWEVER you might find that for emails with multiple recipients you might get unintuitve behaviour and you may need to split the emails up into single recipients. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of padma@eis.iisc.ernet.in > Sent: 02 February 2006 11:53 > To: MailScanner discussion > Subject: Is there a way to bypass mailscanner for local users on the > server itself? > > > Not Virus scanning, but I would like to bypass mailscanner itself for > local users. > > > > Regards > Padma > ERNET Helpdesk > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From padma at eis.iisc.ernet.in Thu Feb 2 12:26:12 2006 From: padma at eis.iisc.ernet.in (padma@eis.iisc.ernet.in) Date: Thu Feb 2 12:36:46 2006 Subject: Is there a way to bypass mailscanner for local users on the server itself? In-Reply-To: <00d801c627f3$174175e0$3004010a@martinhlaptop> References: <00d801c627f3$174175e0$3004010a@martinhlaptop> Message-ID: Hello All, The version of Mailscanner i have installed is 4.40. Is the following option not available with 4.40?? Regards Padma On Thu, 2 Feb 2006, Martin Hepworth wrote: > Padma > > In MailScanner.conf theres a setting "Scan Messages" which can be used to > call a ruleset which can not scan for certain email addresses. There's a > nice example just above this setting on how to do this. > > HOWEVER you might find that for emails with multiple recipients you might > get unintuitve behaviour and you may need to split the emails up into single > recipients. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of padma@eis.iisc.ernet.in >> Sent: 02 February 2006 11:53 >> To: MailScanner discussion >> Subject: Is there a way to bypass mailscanner for local users on the >> server itself? >> >> >> Not Virus scanning, but I would like to bypass mailscanner itself for >> local users. >> >> >> >> Regards >> Padma >> ERNET Helpdesk >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > From martinh at solid-state-logic.com Thu Feb 2 13:05:25 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Feb 2 13:05:45 2006 Subject: Is there a way to bypass mailscanner for local users on the server itself? In-Reply-To: Message-ID: <00e001c627f9$57470550$3004010a@martinhlaptop> Padma Unfortunately not, this option first appeared in 4.44 Good excuse to update to 4.50 mind, there's a new goodies there and it runs a lot lot faster. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of padma@eis.iisc.ernet.in > Sent: 02 February 2006 12:26 > To: MailScanner discussion > Subject: RE: Is there a way to bypass mailscanner for local users on the > server itself? > > > Hello All, > > The version of Mailscanner i have installed is 4.40. Is the following > option not available with 4.40?? > > Regards > Padma > > > > On Thu, 2 Feb 2006, Martin Hepworth wrote: > > > Padma > > > > In MailScanner.conf theres a setting "Scan Messages" which can be used > to > > call a ruleset which can not scan for certain email addresses. There's a > > nice example just above this setting on how to do this. > > > > HOWEVER you might find that for emails with multiple recipients you > might > > get unintuitve behaviour and you may need to split the emails up into > single > > recipients. > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of padma@eis.iisc.ernet.in > >> Sent: 02 February 2006 11:53 > >> To: MailScanner discussion > >> Subject: Is there a way to bypass mailscanner for local users on the > >> server itself? > >> > >> > >> Not Virus scanning, but I would like to bypass mailscanner itself for > >> local users. > >> > >> > >> > >> Regards > >> Padma > >> ERNET Helpdesk > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From jaearick at colby.edu Thu Feb 2 13:05:58 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Feb 2 13:06:05 2006 Subject: sendmail greet_pause feature In-Reply-To: <43E1DFD2.20708@chime.ucl.ac.uk> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> <43E1DFD2.20708@chime.ucl.ac.uk> Message-ID: Same here. running Solaris 9 with sendmail 8.13.5. I've never touched the Lock Type setting. Jeff Earickson Colby College On Thu, 2 Feb 2006, Anthony Peacock wrote: > Date: Thu, 02 Feb 2006 10:32:50 +0000 > From: Anthony Peacock > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: sendmail greet_pause feature > > Hi, > > Joost Waversveld wrote: >> You must force posix locking... The standard will be flock locking. I >> thought Julian is thinking about changing the standard to posix, but at the >> moment the standard is still "flock" >> >> So it must be "Lock Type = posix" for you... ;) > > Is this true for all OSs? > > I am using Sendmail 8.13 and the default locking on Solaris and I am not > having any problems at all. I always thought the advice was only change this > if you are having problems. I also recall that the requirement for posix > locking is dependent on the OS. > > Grateful for any correction. > > >> >> Joost Waversveld >> >> ----- Message from wmcdonald@gmail.com --------- >> Date: Thu, 2 Feb 2006 09:53:08 +0000 >> From: Will McDonald >> Reply-To: MailScanner discussion >> Subject: Re: sendmail greet_pause feature >> To: MailScanner discussion >> >> >>> On 01/02/06, Julian Field wrote: >>> >>>> On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 >>>> needs flock. >>> >>> Is locking autodetecting, if you see what I mean? In the >>> MailScanner.conf it says... >>> >>> # How to lock spool files. >>> # Don't set this unless you *know* you need to. >>> # For sendmail, it defaults to "flock". >>> # For sendmail 8.13 onwards, you will probably need to change it to posix. >>> # For Exim, it defaults to "posix". >>> # No other type is implemented. >>> Lock Type = >>> >>> Does MailScanner *know* I'm running 8.13 or should I force posix locking? >>> >>> Will. >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> ----- End message from wmcdonald@gmail.com ----- >> >> > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "The most exciting phrase to hear in science, the one that heralds new > discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From joost at waversveld.nl Thu Feb 2 13:19:29 2006 From: joost at waversveld.nl (Joost Waversveld) Date: Thu Feb 2 13:18:02 2006 Subject: sendmail greet_pause feature In-Reply-To: References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> <43E1DFD2.20708@chime.ucl.ac.uk> Message-ID: <20060202141929.by6t7fas74wo0woc@webmail.waversveld.nl> I really do not know if this is for all the OS's. I do know that it is true for Redhat, CentOS, etc. ----- Message from jaearick@colby.edu --------- Date: Thu, 2 Feb 2006 08:05:58 -0500 (EST) From: "Jeff A. Earickson" Reply-To: MailScanner discussion Subject: Re: sendmail greet_pause feature To: MailScanner discussion > Same here. running Solaris 9 with sendmail 8.13.5. I've never > touched the Lock Type setting. > > Jeff Earickson > Colby College > > On Thu, 2 Feb 2006, Anthony Peacock wrote: > >> Date: Thu, 02 Feb 2006 10:32:50 +0000 >> From: Anthony Peacock >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: sendmail greet_pause feature >> >> Hi, >> >> Joost Waversveld wrote: >>> You must force posix locking... The standard will be flock locking. >>> I thought Julian is thinking about changing the standard to posix, >>> but at the moment the standard is still "flock" >>> >>> So it must be "Lock Type = posix" for you... ;) >> >> Is this true for all OSs? >> >> I am using Sendmail 8.13 and the default locking on Solaris and I am >> not having any problems at all. I always thought the advice was >> only change this if you are having problems. I also recall that the >> requirement for posix locking is dependent on the OS. >> >> Grateful for any correction. >> >> >>> >>> Joost Waversveld >>> >>> ----- Message from wmcdonald@gmail.com --------- >>> Date: Thu, 2 Feb 2006 09:53:08 +0000 >>> From: Will McDonald >>> Reply-To: MailScanner discussion >>> Subject: Re: sendmail greet_pause feature >>> To: MailScanner discussion >>> >>> >>>> On 01/02/06, Julian Field wrote: >>>> >>>>> On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 >>>>> needs flock. >>>> >>>> Is locking autodetecting, if you see what I mean? In the >>>> MailScanner.conf it says... >>>> >>>> # How to lock spool files. >>>> # Don't set this unless you *know* you need to. >>>> # For sendmail, it defaults to "flock". >>>> # For sendmail 8.13 onwards, you will probably need to change it to posix. >>>> # For Exim, it defaults to "posix". >>>> # No other type is implemented. >>>> Lock Type = >>>> >>>> Does MailScanner *know* I'm running 8.13 or should I force posix locking? >>>> >>>> Will. >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> >>> ----- End message from wmcdonald@gmail.com ----- >>> >>> >> >> >> -- >> Anthony Peacock >> CHIME, Royal Free & University College Medical School >> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >> "The most exciting phrase to hear in science, the one that heralds >> new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac >> Asimov >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ----- End message from jaearick@colby.edu ----- From dcurtisathome at hotmail.com Thu Feb 2 13:24:42 2006 From: dcurtisathome at hotmail.com (David Curtis) Date: Thu Feb 2 13:24:46 2006 Subject: Problems starting after upgrading to 4.50.14 References: <223f97700602011525t27264a64o@mail.gmail.com><223f97700602020144r5f726c69u@mail.gmail.com> Message-ID: I could not figure any way around the error so I uninstalled and re-installed MailScanner-4.49.7-1. I will try a newer release after hours next time. This was the first upgrade I had problems with. I went ahead with the upgrade after reading Glenn's fix for the problem but my problem must have been different because there was no file to delete. Thanks, Dave ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Thursday, February 02, 2006 5:00 AM Subject: Re: Problems starting after upgrading to 4.50.14 > -----BEGIN PGP SIGNED MESSAGE----- > > > On 2 Feb 2006, at 09:44, Glenn Steen wrote: > >> On 02/02/06, David Curtis wrote: >>> >>> >>> [root@sbschools dns]# ls -la /var/spool/MailScanner/incoming/ >>> total 8 >>> drwxrwxrwx 2 postfix postfix 4096 Feb 1 16:07 . >>> drwxr-xr-x 4 root root 4096 Oct 10 15:12 .. >>> >>> Thanks, >>> Dave >>> >> In a parallell thread, Julian mentioned something worth checking... >> The allowing perms on the target directory might be "masked" by >> directories higher up... So do the following: >> su - postfix --shell=/bin/bash >> touch /var/spool/MailScanner/incoming/test >> If this fails, then there we might have your problem... You'll have to >> check all the "intervening" directories from / on down to incoming, in >> that case. > > The error handling for this situation is a lot better in 4.50.15. If > you are having trouble with .14 (and only if you are having trouble) > it would be worth upgrading to .15. > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.4 (Build 4042) > > iQEVAwUBQ+HYI/w32o+k+q+hAQGrpAf/YJ7sgWFFGPrRkIGi7czOHSptIqgnmUX0 > s487wiR7toGouAOSAIVEFO8vHXLeMgffYBZIwuGS3IHv7QR3aB+Gfn+aey4TxMOe > uRZj5A9mZJN8WmCx1+Q1NshKOGGzi2Dzinuqwj1NEfqZqMvcURWttvmiFiTzS0cF > L1eGFk/DxV6IoeU1g5/K+LhCHRDObTNRsmCgo+R3qqQf9SU6k1QxpkHyu3NyhZl1 > eonX2rL0Ja1ni60D5caHhUk0o6qWPNIwDAZoem1dqVT43NLKJ2ij5A5JYpzpXP58 > bPC8/Cfc0u59gnMo5CfleV8POPAlFnpIl3Ct0yIPXWn8weESdmupJw== > =Eris > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From padma at eis.iisc.ernet.in Thu Feb 2 13:20:51 2006 From: padma at eis.iisc.ernet.in (padma@eis.iisc.ernet.in) Date: Thu Feb 2 13:31:26 2006 Subject: Is there a way to bypass mailscanner for local users on the server itself? In-Reply-To: <00e001c627f9$57470550$3004010a@martinhlaptop> References: <00e001c627f9$57470550$3004010a@martinhlaptop> Message-ID: Thanks for the help! I will upgrade Mailscanner, that's much better Padma On Thu, 2 Feb 2006, Martin Hepworth wrote: > Padma > > Unfortunately not, this option first appeared in 4.44 > > Good excuse to update to 4.50 mind, there's a new goodies there and it runs > a lot lot faster. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of padma@eis.iisc.ernet.in >> Sent: 02 February 2006 12:26 >> To: MailScanner discussion >> Subject: RE: Is there a way to bypass mailscanner for local users on the >> server itself? >> >> >> Hello All, >> >> The version of Mailscanner i have installed is 4.40. Is the following >> option not available with 4.40?? >> >> Regards >> Padma >> >> >> >> On Thu, 2 Feb 2006, Martin Hepworth wrote: >> >>> Padma >>> >>> In MailScanner.conf theres a setting "Scan Messages" which can be used >> to >>> call a ruleset which can not scan for certain email addresses. There's a >>> nice example just above this setting on how to do this. >>> >>> HOWEVER you might find that for emails with multiple recipients you >> might >>> get unintuitve behaviour and you may need to split the emails up into >> single >>> recipients. >>> >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>>> bounces@lists.mailscanner.info] On Behalf Of padma@eis.iisc.ernet.in >>>> Sent: 02 February 2006 11:53 >>>> To: MailScanner discussion >>>> Subject: Is there a way to bypass mailscanner for local users on the >>>> server itself? >>>> >>>> >>>> Not Virus scanning, but I would like to bypass mailscanner itself for >>>> local users. >>>> >>>> >>>> >>>> Regards >>>> Padma >>>> ERNET Helpdesk >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- Regards Padma ERNET Helpdesk From a.peacock at chime.ucl.ac.uk Thu Feb 2 13:32:04 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu Feb 2 13:32:11 2006 Subject: sendmail greet_pause feature In-Reply-To: <20060202141929.by6t7fas74wo0woc@webmail.waversveld.nl> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> <43E1DFD2.20708@chime.ucl.ac.uk> <20060202141929.by6t7fas74wo0woc@webmail.waversveld.nl> Message-ID: <43E209D4.8050902@chime.ucl.ac.uk> Hi Joost, My comments were more directed to the list in general. Julian was very clear in his email earlier that on _Linux_ the lock type needs to change to Posix for Sendmail 8.13 and above. I just get twitchy when statements are made that don't recognise that the OS is an important component in this setting. First, it makes me doubt my configuration. Secondly, it might give the wrong impression to admins of OSs other than Linux. Changing the default would have implications for me. If I didn't spot that it had changed I may start to see problems after an upgrade, with a system that runs fine at the moment. Joost Waversveld wrote: > I really do not know if this is for all the OS's. I do know that it is > true for Redhat, CentOS, etc. > > ----- Message from jaearick@colby.edu --------- > Date: Thu, 2 Feb 2006 08:05:58 -0500 (EST) > From: "Jeff A. Earickson" > Reply-To: MailScanner discussion > Subject: Re: sendmail greet_pause feature > To: MailScanner discussion > > >> Same here. running Solaris 9 with sendmail 8.13.5. I've never >> touched the Lock Type setting. >> >> Jeff Earickson >> Colby College >> >> On Thu, 2 Feb 2006, Anthony Peacock wrote: >> >>> Date: Thu, 02 Feb 2006 10:32:50 +0000 >>> From: Anthony Peacock >>> Reply-To: MailScanner discussion >>> To: MailScanner discussion >>> Subject: Re: sendmail greet_pause feature >>> >>> Hi, >>> >>> Joost Waversveld wrote: >>>> You must force posix locking... The standard will be flock locking. >>>> I thought Julian is thinking about changing the standard to posix, >>>> but at the moment the standard is still "flock" >>>> >>>> So it must be "Lock Type = posix" for you... ;) >>> >>> Is this true for all OSs? >>> >>> I am using Sendmail 8.13 and the default locking on Solaris and I am >>> not having any problems at all. I always thought the advice was only >>> change this if you are having problems. I also recall that the >>> requirement for posix locking is dependent on the OS. >>> >>> Grateful for any correction. >>> >>> >>>> >>>> Joost Waversveld >>>> >>>> ----- Message from wmcdonald@gmail.com --------- >>>> Date: Thu, 2 Feb 2006 09:53:08 +0000 >>>> From: Will McDonald >>>> Reply-To: MailScanner discussion >>>> Subject: Re: sendmail greet_pause feature >>>> To: MailScanner discussion >>>> >>>> >>>>> On 01/02/06, Julian Field wrote: >>>>> >>>>>> On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 >>>>>> needs flock. >>>>> >>>>> Is locking autodetecting, if you see what I mean? In the >>>>> MailScanner.conf it says... >>>>> >>>>> # How to lock spool files. >>>>> # Don't set this unless you *know* you need to. >>>>> # For sendmail, it defaults to "flock". >>>>> # For sendmail 8.13 onwards, you will probably need to change it to >>>>> posix. >>>>> # For Exim, it defaults to "posix". >>>>> # No other type is implemented. >>>>> Lock Type = >>>>> >>>>> Does MailScanner *know* I'm running 8.13 or should I force posix >>>>> locking? >>>>> >>>>> Will. >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> >>>> ----- End message from wmcdonald@gmail.com ----- >>>> >>>> >>> >>> >>> -- >>> Anthony Peacock >>> CHIME, Royal Free & University College Medical School >>> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >>> "The most exciting phrase to hear in science, the one that heralds >>> new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac >>> Asimov >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > ----- End message from jaearick@colby.edu ----- > > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From joost at waversveld.nl Thu Feb 2 13:39:33 2006 From: joost at waversveld.nl (Joost Waversveld) Date: Thu Feb 2 13:38:10 2006 Subject: sendmail greet_pause feature In-Reply-To: <43E209D4.8050902@chime.ucl.ac.uk> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> <43E1DFD2.20708@chime.ucl.ac.uk> <20060202141929.by6t7fas74wo0woc@webmail.waversveld.nl> <43E209D4.8050902@chime.ucl.ac.uk> Message-ID: <20060202143933.05h6byks2sggokwo@webmail.waversveld.nl> Anthony, I get your point and you're absolutely right. I'm sorry for that. I won't do it again :-D Greetz, Joost ----- Message from a.peacock@chime.ucl.ac.uk --------- Date: Thu, 02 Feb 2006 13:32:04 +0000 From: Anthony Peacock Reply-To: MailScanner discussion Subject: Re: sendmail greet_pause feature To: MailScanner discussion > Hi Joost, > > My comments were more directed to the list in general. > > Julian was very clear in his email earlier that on _Linux_ the lock > type needs to change to Posix for Sendmail 8.13 and above. > > I just get twitchy when statements are made that don't recognise that > the OS is an important component in this setting. First, it makes me > doubt my configuration. Secondly, it might give the wrong impression > to admins of OSs other than Linux. > > Changing the default would have implications for me. If I didn't > spot that it had changed I may start to see problems after an > upgrade, with a system that runs fine at the moment. > > Joost Waversveld wrote: >> I really do not know if this is for all the OS's. I do know that it >> is true for Redhat, CentOS, etc. >> >> ----- Message from jaearick@colby.edu --------- >> Date: Thu, 2 Feb 2006 08:05:58 -0500 (EST) >> From: "Jeff A. Earickson" >> Reply-To: MailScanner discussion >> Subject: Re: sendmail greet_pause feature >> To: MailScanner discussion >> >> >>> Same here. running Solaris 9 with sendmail 8.13.5. I've never >>> touched the Lock Type setting. >>> >>> Jeff Earickson >>> Colby College >>> >>> On Thu, 2 Feb 2006, Anthony Peacock wrote: >>> >>>> Date: Thu, 02 Feb 2006 10:32:50 +0000 >>>> From: Anthony Peacock >>>> Reply-To: MailScanner discussion >>>> To: MailScanner discussion >>>> Subject: Re: sendmail greet_pause feature >>>> >>>> Hi, >>>> >>>> Joost Waversveld wrote: >>>>> You must force posix locking... The standard will be flock >>>>> locking. I thought Julian is thinking about changing the standard >>>>> to posix, but at the moment the standard is still "flock" >>>>> >>>>> So it must be "Lock Type = posix" for you... ;) >>>> >>>> Is this true for all OSs? >>>> >>>> I am using Sendmail 8.13 and the default locking on Solaris and I >>>> am not having any problems at all. I always thought the advice >>>> was only change this if you are having problems. I also recall >>>> that the requirement for posix locking is dependent on the OS. >>>> >>>> Grateful for any correction. >>>> >>>> >>>>> >>>>> Joost Waversveld >>>>> >>>>> ----- Message from wmcdonald@gmail.com --------- >>>>> Date: Thu, 2 Feb 2006 09:53:08 +0000 >>>>> From: Will McDonald >>>>> Reply-To: MailScanner discussion >>>>> Subject: Re: sendmail greet_pause feature >>>>> To: MailScanner discussion >>>>> >>>>> >>>>>> On 01/02/06, Julian Field wrote: >>>>>> >>>>>>> On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 >>>>>>> needs flock. >>>>>> >>>>>> Is locking autodetecting, if you see what I mean? In the >>>>>> MailScanner.conf it says... >>>>>> >>>>>> # How to lock spool files. >>>>>> # Don't set this unless you *know* you need to. >>>>>> # For sendmail, it defaults to "flock". >>>>>> # For sendmail 8.13 onwards, you will probably need to change it >>>>>> to posix. >>>>>> # For Exim, it defaults to "posix". >>>>>> # No other type is implemented. >>>>>> Lock Type = >>>>>> >>>>>> Does MailScanner *know* I'm running 8.13 or should I force posix >>>>>> locking? >>>>>> >>>>>> Will. >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>> >>>>> >>>>> ----- End message from wmcdonald@gmail.com ----- >>>>> >>>>> >>>> >>>> >>>> -- >>>> Anthony Peacock >>>> CHIME, Royal Free & University College Medical School >>>> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >>>> "The most exciting phrase to hear in science, the one that heralds >>>> new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac >>>> Asimov >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> ----- End message from jaearick@colby.edu ----- >> >> > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "The most exciting phrase to hear in science, the one that heralds > new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac > Asimov > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ----- End message from a.peacock@chime.ucl.ac.uk ----- From wmcdonald at gmail.com Thu Feb 2 13:49:42 2006 From: wmcdonald at gmail.com (Will McDonald) Date: Thu Feb 2 13:49:45 2006 Subject: sendmail greet_pause feature In-Reply-To: <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> Message-ID: <1f8fae340602020549t71f7933ap@mail.gmail.com> On 02/02/06, Joost Waversveld wrote: > You must force posix locking... The standard will be flock locking. I > thought Julian is thinking about changing the standard to posix, but at > the moment the standard is still "flock" > > So it must be "Lock Type = posix" for you... ;) Cool. Thanks for the confirmation Joost. Will From dcurtisathome at hotmail.com Thu Feb 2 13:56:24 2006 From: dcurtisathome at hotmail.com (David Curtis) Date: Thu Feb 2 13:56:28 2006 Subject: Problems starting after upgrading to 4.50.14 References: <223f97700602011525t27264a64o@mail.gmail.com> <223f97700602020144r5f726c69u@mail.gmail.com> Message-ID: Glenn, I missed this post. Probably would have saved me a lot of hassle. I have already downgraded, and I have looked for the SpamAssassin.cache.db and could not find it any where. Thanks, Dave ----- Original Message ----- From: "Glenn Steen" To: "MailScanner discussion" Sent: Thursday, February 02, 2006 4:44 AM Subject: Re: Problems starting after upgrading to 4.50.14 On 02/02/06, David Curtis wrote: > > > [root@sbschools dns]# ls -la /var/spool/MailScanner/incoming/ > total 8 > drwxrwxrwx 2 postfix postfix 4096 Feb 1 16:07 . > drwxr-xr-x 4 root root 4096 Oct 10 15:12 .. > > Thanks, > Dave > In a parallell thread, Julian mentioned something worth checking... The allowing perms on the target directory might be "masked" by directories higher up... So do the following: su - postfix --shell=/bin/bash touch /var/spool/MailScanner/incoming/test If this fails, then there we might have your problem... You'll have to check all the "intervening" directories from / on down to incoming, in that case. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Feb 2 14:09:45 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 14:10:04 2006 Subject: Problems starting after upgrading to 4.50.14 In-Reply-To: References: <223f97700602011525t27264a64o@mail.gmail.com> <223f97700602020144r5f726c69u@mail.gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I have fixed this in 4.50.15. On 2 Feb 2006, at 13:56, David Curtis wrote: > Glenn, > > I missed this post. Probably would have saved me a lot of hassle. I > have already downgraded, and I have looked for the > SpamAssassin.cache.db and could not find it any where. > > Thanks, > Dave > > > > ----- Original Message ----- From: "Glenn Steen" > > To: "MailScanner discussion" > Sent: Thursday, February 02, 2006 4:44 AM > Subject: Re: Problems starting after upgrading to 4.50.14 > > > On 02/02/06, David Curtis wrote: >> >> >> [root@sbschools dns]# ls -la /var/spool/MailScanner/incoming/ >> total 8 >> drwxrwxrwx 2 postfix postfix 4096 Feb 1 16:07 . >> drwxr-xr-x 4 root root 4096 Oct 10 15:12 .. >> >> Thanks, >> Dave >> > In a parallell thread, Julian mentioned something worth checking... > The allowing perms on the target directory might be "masked" by > directories higher up... So do the following: > su - postfix --shell=/bin/bash > touch /var/spool/MailScanner/incoming/test > If this fails, then there we might have your problem... You'll have to > check all the "intervening" directories from / on down to incoming, in > that case. > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+ISsfw32o+k+q+hAQGqcwf+PLjP9fx5mWwekaANetFFTNYAdfDnZKk6 vOG1DzYOhQad70f5VQdHYR0X5ieaHcdTV/8HZY5NjDBrRDZI2nyKPde3Cu7iNhEw 6PWG/sVpchJF7GjUHFmrC/x5cbMNiLUGFsiG3uU7JrGF+uzbQmA4dr2m3zrRMyIp HRIFOo+r5g2F2oPcRDiLvkCdRpikGfNtvaQS+40HP3Z8x8iP6cul3UcnT+QYd2tI SRpmw51QgBpRyMm+ioZfRiDxsP4yI/QN/0SRQLErhuZoQlyPJhNZajpPsVHyOZDU F72WDZiBIMXFTnDr4xnw0D0E3Woto9yJVzU/h5FR/JKn3rXGY2hovA== =DWpB -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From wmcdonald at gmail.com Thu Feb 2 14:15:01 2006 From: wmcdonald at gmail.com (Will McDonald) Date: Thu Feb 2 14:15:03 2006 Subject: Integration with QMail! In-Reply-To: <38422649D9FDBE42A238BD5604D203201FE849@wellington.sankyouk.local> References: <38422649D9FDBE42A238BD5604D203201FE849@wellington.sankyouk.local> Message-ID: <1f8fae340602020615h78cecb78w@mail.gmail.com> On 01/02/06, Doug Hall wrote: > Can anyone point me in the right direction for integrating MS with > QMail, (if possible) Could you be more specific? We use multiple MailScanner/Sendmail systems as front end relays with Qmail/Vpopmail/@Mail on multiple back end servers. Mail generated via Webmail on (or relayed through for some legacy stuff) each of the Qmail servers is relayed out to the MailScanner servers by default with a setting in /var/qmail/control/smtproutes. :mailscanner.domain.net Where mailscanner.domain.net is a round-robin DNS record pointing with equal priority to the MailScanners. From the Bind zone file... ; round-robin the results for mailscanner.domain.net mailscanner 60 A 192.168.1.10 mailscanner 60 A 192.168.1.11 The IPs of the Qmail servers are included in /etc/mail/access in the Sendmail config to allow RELAYing. Everything from /var/qmail/control/rcpthosts and morercpthosts from Qmail goes into /etc/mail/local-host-names so Sendmail knows to handle mail for those domains. rcpthosts and morercpthosts also go in ldap_domains because we use this in conjunction with mailhost.db to ensure we only accept mail for known valid users then route this on to mail.domain.net internally. mail.domain.net is effectively the Qmail servers load-balanced via LVS but could easily be round-robin DNS too. # "LDAP" domains we want to relay for. # See http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/270.html /etc/mail/mailertable is used for special mail routing that shouldn't be delivered to the Qmail boxes. Any domains you relay out for but don't necessarily handle their incoming MX need to go into relay-domains. I need to get round to thoroughly documenting and diagramming how we did this, if I do I'll sanitize it and put it in the Wiki. If you have any specific questions just ask (preferably on-list for the benefit of the archives) and I'll do what I can. Will. From Carl.Andrews at crackerbarrel.com Thu Feb 2 14:32:35 2006 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Thu Feb 2 14:34:12 2006 Subject: Password Protected PDFs Message-ID: <18BAD67B3136234285A06EB137C5CBD102F9ED2A@exchange03.CBOCS.com> Thanks! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian Field Sent: Thursday, February 02, 2006 3:13 AM To: MailScanner discussion Subject: Re: Password Protected PDFs -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 02:18, Andrews Carl 448 wrote: > I am having a problem allowing password protected PDFs in from an > address to an address using a ruleset. The ruleset works great, if > I put the lines in the virus.scanning.rules file. I tried the Allow > Password-Protected Archives option, but PDFs are not achives and so > mailscanner, correctly, ignores that rule. The log file shows > "MailScanner [####]: Viruses marked as silent: Password protected > file .", so this is a virus setting but I can not find it. Could > someone tell me what option I need to point to my ruleset or do I > have to use the virus.scanning.rules? Take a look at the "Allowed Sophos Error Messages" setting. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HNIPw32o+k+q+hAQFB9wgAsvcJ8EQv2Off/jIHK+2rvY/+PZl1VIfU aVgHWh0YE94jr5Fua+AZRer599JdOCI1Zh/Qr4T/L50LhqzVvpQVKzyc+lKMB7Dz Yl29XW2l2L69SJ5oBQlYw1jcnxlhK5adPaPJiGorRbGtna8RjZlx8LvvvHSkHTh3 V8A8qQ/10L2OPglyvLuQZfxxR72jxHM2e4TIYtZvXHTuJdiZaYIHTWMNrUr5TWCq VaNDmmkPlLpIJ0bM77KG7iW3RMmBdFKBW4qaB+JElQjD4KC0sgst1ge3UxWA7JE+ LXQvg+mflx2v0Kd6hfVs9Z4GjHcdWDNH2Q2qEt/12zIvHufdLPd3nw== =RL57 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Thu Feb 2 14:44:24 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Feb 2 14:45:02 2006 Subject: Beta to latest stable suggestions References: <002301c62777$bc980a30$0705000a@DDF5DW71> <43E130C9.6000906@ecs.soton.ac.uk> Message-ID: <003701c62807$29664c50$0705000a@DDF5DW71> Mr. Field, If you have time, and can elaborate on what the MW changes from 4.50-12 Beta to 4.50-15 might be, I would appreciate it. I was having some problems with MW after upgrading, mostly with the quarantine views, but was not able to track the problem down. I will upgrade this afternoon, and there is no urgency to this at all. I have a work-around. The upgrade will tell me if it fixes the problem. The Changelog lumps all of the changes for 4.50 into one section, so I can't really tell the differences. Thanks for any reply and no big deal if you deem this a waste of time. Thanks for the superb efforts you always seem to provide! Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Wednesday, February 01, 2006 5:06 PM Subject: Re: Beta to latest stable suggestions > > > Steve Campbell wrote: >> I had installed the 4.50-12 Beta last week to get the latest >> configuration file changes. Is there any reason to upgrade to the latest >> stable? > If you want to use MailWatch, then yes. There are a few other things too. > It will be a painless upgrade. >> Should I have changed the "Minimum Supported Status" in the conf file to >> 'Beta' for the Beta release, and what are the results of not doing so if >> I should have changed this? > No, leave that set to Beta or Supported. > I'm going to remove that option altogether in the next release, it's > worthless now. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From chardlist at chard.net Thu Feb 2 14:37:45 2006 From: chardlist at chard.net (chardlist) Date: Thu Feb 2 14:54:11 2006 Subject: Bayes not working after upgrade to 4.50.14 Message-ID: <014801c62806$3ccc13c0$a000a8c0@sangria> I successfully upgrade to 4.50.14 tonight, I love the new features especially the hires time reports. I've noticed that after the upgrade MailScanner (or spamassassin) is no longer paying attention to my spam.assassin.prefs.conf file. The bayes database is not being used in the path I've specified, and other options I've configured in there, such as bumping the bayes score, I'm on a cPanel server so I upgraded using a scripted provided by www.waytotheweb.com which has been successful for me in the past and was adapted for MS 4.50.14 That's about the only unique thing I can think of that might make my upgrade a little different. My before upgrading my MailScanner.conf file had this value in it: SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf The after the upgrade that directive is not present. MS 4.50.14 RH 9 Exim 4.52 Thanks for any help! -Brendan From bpumphrey at WoodMacLaw.com Thu Feb 2 14:54:31 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Thu Feb 2 14:54:35 2006 Subject: OT: Win32/Mywife.E@mm Message-ID: <04D932B0071FE34FA63EBB1977B48D15BE3676@woodenex.woodmaclaw.local> I got a email from one of my users, always getting "FW:" from them just like everyone else. This one seemed like one of the better ones where the information might be actually useful. Quote: Please review the following links for information about an extremely serious new computer virus due to activate February 3, 2006. http://www.technologyreview.com/TR/wtr_16222,323,p1.html http://www.azcentral.com/news/articles/0127blackworm27-ON.html http://www.microsoft.com/technet/security/advisory/904420.mspx Unquote Naturally as long as everything is up to date things should be ok. People don't really know that a virus is going to happen before it does do they? From MailScanner at ecs.soton.ac.uk Thu Feb 2 14:56:15 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 14:56:29 2006 Subject: Beta to latest stable suggestions In-Reply-To: <003701c62807$29664c50$0705000a@DDF5DW71> References: <002301c62777$bc980a30$0705000a@DDF5DW71> <43E130C9.6000906@ecs.soton.ac.uk> <003701c62807$29664c50$0705000a@DDF5DW71> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I don't write MailWatch, I know nothing about MW changes. If you want to see the difference in MailScanner versions 4.50.12 and 4.50.15 then extract the ChangeLogs from them both and compare the files. The only MailWatch-related change to MailScanner is the addition of one extra configuration option "Always Looked Up Last After Batch" which Steve isn't using yet, but will do in the future. On 2 Feb 2006, at 14:44, Steve Campbell wrote: > Mr. Field, > > If you have time, and can elaborate on what the MW changes from > 4.50-12 Beta to 4.50-15 might be, I would appreciate it. I was > having some problems with MW after upgrading, mostly with the > quarantine views, but was not able to track the problem down. > > I will upgrade this afternoon, and there is no urgency to this at > all. I have a work-around. The upgrade will tell me if it fixes the > problem. The Changelog lumps all of the changes for 4.50 into one > section, so I can't really tell the differences. > > Thanks for any reply and no big deal if you deem this a waste of time. > Thanks for the superb efforts you always seem to provide! > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Wednesday, February 01, 2006 5:06 PM > Subject: Re: Beta to latest stable suggestions > > >> >> >> Steve Campbell wrote: >>> I had installed the 4.50-12 Beta last week to get the latest >>> configuration file changes. Is there any reason to upgrade to the >>> latest stable? >> If you want to use MailWatch, then yes. There are a few other >> things too. It will be a painless upgrade. >>> Should I have changed the "Minimum Supported Status" in the conf >>> file to 'Beta' for the Beta release, and what are the results of >>> not doing so if I should have changed this? >> No, leave that set to Beta or Supported. >> I'm going to remove that option altogether in the next release, >> it's worthless now. >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+Idkvw32o+k+q+hAQHyWQf/c/+W02pWhGiJQV+psiNXYOicLfeeR2xW DD0iqwI6YCPsXWLOCQDssyXGvTQ/xaoBCS55mvoluYlU3sOk0mMJcUX0uikesSd6 y1etVkaORm50HlNP0zICNezJArdK2PLOkvO/CYgNT5OBJQKfhSprij0crYFoXyT2 evw2wTgoqohTBTxwrL5RslBnU4JfkJ3M51wbf2dPtgy3XTCzIbN2a4y8QUyK5YYd 7NqRZPJVbuHMSpR38+yNRG36ZALWogdvUF5CDjsph/En2MyB4E5pOQpJmS1ePgAm lKdhIGehMqQk157eIAaLdSRLz7gZBKCJxPs3FfERXVOwzaGau3IHLQ== =AJ+F -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gregg at gbcomputers.com Thu Feb 2 14:56:31 2006 From: gregg at gbcomputers.com (Gregg Berkholtz) Date: Thu Feb 2 14:56:35 2006 Subject: Cannot install DBI with MS 4.50.14 In-Reply-To: <6CA19CF5-E8DB-4855-BBC3-3DD2B3D8A136@ecs.soton.ac.uk> References: <20060201182512.GA30959@gbcomputers.com> <43E124E4.6070907@ecs.soton.ac.uk> <20060201220412.GA10311@gbcomputers.com> <6CA19CF5-E8DB-4855-BBC3-3DD2B3D8A136@ecs.soton.ac.uk> Message-ID: <20060202145631.GA7297@gbcomputers.com> perl -v shows: This is perl, v5.6.1 built for i386-linux Though I'm not seeing any errors about =head3, am I just out of luck? Gregg On Thu, Feb 02, 2006 at 09:02:35AM +0000, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > What version of perl are you running? > > On 1 Feb 2006, at 22:04, Gregg Berkholtz wrote: > > > > > ********************************************************************** > > **** > > Perl versions below 5.6.1 are no longer supported by the DBI. > > Perl versions 5.6.x may fail during installation with a complaint > > about the use of =head3 in the pod documentation. > > Press return to continue... > > ********************************************************************** > > **** > > > > On Wed, Feb 01, 2006 at 09:15:16PM +0000, Julian Field wrote: > >> Do > >> > >> perl -MCPAN -e shell > >> install Storable > >> quit > >> > >> Make sure it doesn't start upgrading your entire Perl installation, > >> thump Ctrl-C like crazy if it does! > >> > >> Then try running the install.sh again. > >> > >> Gregg Berkholtz wrote: > >>> It appears I cant install DBI as I'm getting the following error > >>> after > >>> running > >>> MailScanner's install.sh on a Debian 3.0 system. Any assistance > >>> is greatly > >>> appreciated: > >>> From MailScanner at ecs.soton.ac.uk Thu Feb 2 14:59:37 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 14:59:47 2006 Subject: New speed benchmark Message-ID: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- I have just done a speed test. Hardware: dual Opteron, 4Gb RAM, SCSI disk. Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, clamavmodule MailScanner setup: default Speed: 770,000 messages per day - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+IeXPw32o+k+q+hAQGlHAgAuD7THLPyItCsQuVwRDvgusrGwYhglW35 Uw6jVEb/23B/Uax/0BL/w4EndQDylMuKUokckkqtiG4526I5tHnkwtRnYCJRhJgk 50XFzh4+Y1Z0wb0i76gH6tz/L50XFir+yKYT5+ZJJHjnaOhag/a/xqiwmVok0MRw YAC8mHPGFvo8QiwTJiSZ8BToGXq5T4FUdxB4Cjz4GXurL+u7+m+ygF3YspI39lUn soxqT93KZwV50I8novXNg0oNHCe+Y43JYJMgDvqdfXABxeYZ82+G26+Zys1n1h9T 72I3wn4NNHYm9F5UMWdaiDcxZFQIODqeK401ITyCN9hEd2CguOGDOg== =16RG -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 15:01:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 15:01:22 2006 Subject: Bayes not working after upgrade to 4.50.14 In-Reply-To: <014801c62806$3ccc13c0$a000a8c0@sangria> References: <014801c62806$3ccc13c0$a000a8c0@sangria> Message-ID: <5B20957E-75B6-410A-A499-6F4738C1DA9B@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 14:37, chardlist wrote: > I successfully upgrade to 4.50.14 tonight, I love the new features > especially the hires time reports. > > I've noticed that after the upgrade MailScanner (or spamassassin) > is no > longer paying attention to my spam.assassin.prefs.conf file. The > bayes > database is not being used in the path I've specified, and other > options > I've configured in there, such as bumping the bayes score, > > I'm on a cPanel server so I upgraded using a scripted provided by > www.waytotheweb.com which has been successful for me in the past > and was > adapted for MS 4.50.14 That's about the only unique thing I can > think of > that might make my upgrade a little different. > > My before upgrading my MailScanner.conf file had this value in it: > > SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf > > The after the upgrade that directive is not present. Correct. Did you run the install.sh script? If so, you should have a link in /etc/mail/spamassassin/ mailscanner.cf which points to your spam.assassin.prefs.conf. Once that link is in place, then all will work as you expect. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+Ieufw32o+k+q+hAQF+owf9Fzvp7mz3Z5DHNNAh+ueqUFmgiyfa2WOE qnKsbg2U4CJO05akj8RvSluGQYdy5l++dOSiFo6MKU+LM+o6TtLLso/HDrvQKN+c EpH7HjNXlQO4iCQIeENMxsLXf9ke1S2Tg1RQqdtvHXDoxVpvYU+Nlt7HrqRPRn4N Xpi8HIJnZd6fBQklZTEtLL72BPHaicxSdic24mEKcVH7iCkU6DBZbyBozYEM3OOq hqxr/rJPpeZJSZ6HSbAYMLGxt228ooNkfIoUU6yF3cTtu9C4eZ3K3VfhkBwidYjk MrjzhpPzquF3RFihCMPKojBHmTjDNE7guN9FFkfgV+gyEX3eshm/jg== =yuzL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 15:15:14 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 15:15:28 2006 Subject: Cannot install DBI with MS 4.50.14 In-Reply-To: <20060202145631.GA7297@gbcomputers.com> References: <20060201182512.GA30959@gbcomputers.com> <43E124E4.6070907@ecs.soton.ac.uk> <20060201220412.GA10311@gbcomputers.com> <6CA19CF5-E8DB-4855-BBC3-3DD2B3D8A136@ecs.soton.ac.uk> <20060202145631.GA7297@gbcomputers.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Does your /etc/sysconfig/i18n file mention UTF-8? If so, remove all the ".UTF-8" strings from the file, the logout and log back in again. Then try re-installing that module again. On 2 Feb 2006, at 14:56, Gregg Berkholtz wrote: > perl -v shows: > This is perl, v5.6.1 built for i386-linux > > Though I'm not seeing any errors about =head3, am I just out of luck? > > Gregg > > On Thu, Feb 02, 2006 at 09:02:35AM +0000, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> What version of perl are you running? >> >> On 1 Feb 2006, at 22:04, Gregg Berkholtz wrote: >> >>> >>> ******************************************************************** >>> ** >>> **** >>> Perl versions below 5.6.1 are no longer supported by the DBI. >>> Perl versions 5.6.x may fail during installation with a complaint >>> about the use of =head3 in the pod documentation. >>> Press return to continue... >>> ******************************************************************** >>> ** >>> **** >>> >>> On Wed, Feb 01, 2006 at 09:15:16PM +0000, Julian Field wrote: >>>> Do >>>> >>>> perl -MCPAN -e shell >>>> install Storable >>>> quit >>>> >>>> Make sure it doesn't start upgrading your entire Perl installation, >>>> thump Ctrl-C like crazy if it does! >>>> >>>> Then try running the install.sh again. >>>> >>>> Gregg Berkholtz wrote: >>>>> It appears I cant install DBI as I'm getting the following error >>>>> after >>>>> running >>>>> MailScanner's install.sh on a Debian 3.0 system. Any assistance >>>>> is greatly >>>>> appreciated: >>>>> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+IiBPw32o+k+q+hAQFWSgf/f7lrDPoUkMVsgShQvOaXPDnvbwQSU7D+ BbMKTpU4uC6mHcZnBu0HV74filiZbzOqmn0ezU8nHZWVxkOkgsfV0mwRK5f7vwoy eqvACiufMoEnPuJqEr7jHM+aRIdvnqAY9Kf63GfnAyqCGUTC2jSAIjXUTwA9Ssnd FtPRohv1zSsJCgJchHzqnUmwSTBdHs8iDm7Mt9SPOziDNWnL2ArM2OAtGJT30JEy ULbF/+WoCZQ9vfa5SH9zrA09d90OQHU93+UqHdRNNzvpMK9gSKGA9Q77MpbiuRC0 D5BT27kHYKtQRGqEGd49nAJHeimA1ceD5JJJDaxE8olD0iXxgYVsbQ== =y9Rf -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Feb 2 15:23:26 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 2 15:23:29 2006 Subject: Bayes not working after upgrade to 4.50.14 In-Reply-To: <014801c62806$3ccc13c0$a000a8c0@sangria> References: <014801c62806$3ccc13c0$a000a8c0@sangria> Message-ID: <223f97700602020723j795557c4k@mail.gmail.com> On 02/02/06, chardlist wrote: > I successfully upgrade to 4.50.14 tonight, I love the new features > especially the hires time reports. > > I've noticed that after the upgrade MailScanner (or spamassassin) is no > longer paying attention to my spam.assassin.prefs.conf file. The bayes > database is not being used in the path I've specified, and other options > I've configured in there, such as bumping the bayes score, > > I'm on a cPanel server so I upgraded using a scripted provided by > www.waytotheweb.com which has been successful for me in the past and was > adapted for MS 4.50.14 That's about the only unique thing I can think of > that might make my upgrade a little different. > > My before upgrading my MailScanner.conf file had this value in it: > > SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf > > The after the upgrade that directive is not present. > > MS 4.50.14 > RH 9 > Exim 4.52 > > Thanks for any help! > > -Brendan > Do you have a symbolic link mailscanner.cf in your site rules directory pointing to spam.assassin.prefs.conf? If not, you need create one. Do spamassassin --lint -D 2>&1 | less and look for the site rules dir, to find out where it is on your system, then ls /path/to/site/rule/dir/mailscanner.cf If that fails, you need do ln -s /path/to/spam.assassin.prefs.conf /path/to/site/rule/dir/mailscanner.cf HTH -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gmatt at nerc.ac.uk Thu Feb 2 15:28:58 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Feb 2 15:29:16 2006 Subject: Attachment Warnings - End of Line Behavior Changed (CR, LF) In-Reply-To: <1138845529.4025.80.camel@canyon.wittsend.com> References: <6a4915590601301601s5399fd75jabf461d86eaf5d71@mail.gmail.com> <6a4915590602010730t3055651elef164558540cee58@mail.gmail.com> <43E0D70F.9080804@USherbrooke.ca> <1138845529.4025.80.camel@canyon.wittsend.com> Message-ID: <1138894138.25670.25.camel@lea.nerc-wallingford.ac.uk> On Wed, 2006-02-01 at 20:58 -0500, Michael H. Warfield wrote: > Turns out it's far worse than we imagined. ...... Work in progress... > > ITMT... Turn off "Sign Clean Messages". > yeegads! theres no way I can turn this option off now that it is implemented. I was hoping to upgrade MS from 4.45.4 to 4.50.x pretty soon, looks like this will have to be on hold for a while. Will the fix be announced here or will I have to monitor a perl mailing list somewhere? G > Mike -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From MailScanner at ecs.soton.ac.uk Thu Feb 2 15:33:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 15:33:51 2006 Subject: New speed benchmark In-Reply-To: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> Message-ID: <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- I forgot to add the MTA is sendmail On 2 Feb 2006, at 14:59, Julian Field wrote: > * PGP Signed: 02/02/06 at 14:59:40 > > I have just done a speed test. > Hardware: dual Opteron, 4Gb RAM, SCSI disk. > Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, > clamavmodule > MailScanner setup: default > > Speed: 770,000 messages per day - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+ImVvw32o+k+q+hAQFbhQgAn01bcx/s1UklL5G3PRV10P/UayD6dPfs r4djIV7U8eh166021xJzqQu4CKb85+4n/+PRP2iVvWuxph0Uf9+Uv5wqXzfhSUlG nHjE/SdK93D0B0Prpm7oQm4xaFvU/mncwY5IJg000oO5lVUVqdINNbuqmw6eb8TS +RSlnv3aNcmZ+HAeLDjcwnSyj3wrKZqukJcl+xRI0ZPAz6HOE/Zwh6cM1ZJgoUsK PZ/2xlBgGVdXRK4yexkq75Mk9IqLojGgFUAszmRs9/1pIBu3XqLMFw0RNvXVwj/8 oveWg7FlPAEr3WZgCF13Fhv1DuD/tcRvCuiYXGcZVKOo9DTOjbtUdw== =aZWi -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chardlist at chard.net Thu Feb 2 15:40:10 2006 From: chardlist at chard.net (chardlist) Date: Thu Feb 2 15:40:25 2006 Subject: Bayes not working after upgrade to 4.50.14 In-Reply-To: <5B20957E-75B6-410A-A499-6F4738C1DA9B@ecs.soton.ac.uk> Message-ID: <015001c6280e$f52fc6c0$a000a8c0@sangria> The script I used to upgrade, (provided by waytotheweb.com) didn't make the link. I have now added it and that did the trick. I'll drop a note to those other folks about the issue. Thanks as always, -Brendan -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, February 02, 2006 9:01 AM To: MailScanner discussion Subject: Re: Bayes not working after upgrade to 4.50.14 -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 14:37, chardlist wrote: > I successfully upgrade to 4.50.14 tonight, I love the new features > especially the hires time reports. > > I've noticed that after the upgrade MailScanner (or spamassassin) > is no > longer paying attention to my spam.assassin.prefs.conf file. The > bayes > database is not being used in the path I've specified, and other > options > I've configured in there, such as bumping the bayes score, > > I'm on a cPanel server so I upgraded using a scripted provided by > www.waytotheweb.com which has been successful for me in the past > and was > adapted for MS 4.50.14 That's about the only unique thing I can > think of > that might make my upgrade a little different. > > My before upgrading my MailScanner.conf file had this value in it: > > SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf > > The after the upgrade that directive is not present. Correct. Did you run the install.sh script? If so, you should have a link in /etc/mail/spamassassin/ mailscanner.cf which points to your spam.assassin.prefs.conf. Once that link is in place, then all will work as you expect. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+Ieufw32o+k+q+hAQF+owf9Fzvp7mz3Z5DHNNAh+ueqUFmgiyfa2WOE qnKsbg2U4CJO05akj8RvSluGQYdy5l++dOSiFo6MKU+LM+o6TtLLso/HDrvQKN+c EpH7HjNXlQO4iCQIeENMxsLXf9ke1S2Tg1RQqdtvHXDoxVpvYU+Nlt7HrqRPRn4N Xpi8HIJnZd6fBQklZTEtLL72BPHaicxSdic24mEKcVH7iCkU6DBZbyBozYEM3OOq hqxr/rJPpeZJSZ6HSbAYMLGxt228ooNkfIoUU6yF3cTtu9C4eZ3K3VfhkBwidYjk MrjzhpPzquF3RFihCMPKojBHmTjDNE7guN9FFkfgV+gyEX3eshm/jg== =yuzL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Feb 2 15:50:37 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 15:50:46 2006 Subject: Bayes not working after upgrade to 4.50.14 In-Reply-To: <015001c6280e$f52fc6c0$a000a8c0@sangria> References: <015001c6280e$f52fc6c0$a000a8c0@sangria> Message-ID: <6F3D5FCA-F2C8-4D2D-A584-9F036B20E0B2@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 15:40, chardlist wrote: > The script I used to upgrade, (provided by waytotheweb.com) didn't > make the > link. I have now added it and that did the trick. Why not just use my script? At least it works. > > I'll drop a note to those other folks about the issue. > > Thanks as always, > > -Brendan > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian > Field > Sent: Thursday, February 02, 2006 9:01 AM > To: MailScanner discussion > Subject: Re: Bayes not working after upgrade to 4.50.14 > > * PGP Signed by an unmatched address: 02/02/06 at 15:01:13 > > On 2 Feb 2006, at 14:37, chardlist wrote: > >> I successfully upgrade to 4.50.14 tonight, I love the new features >> especially the hires time reports. >> >> I've noticed that after the upgrade MailScanner (or spamassassin) >> is no >> longer paying attention to my spam.assassin.prefs.conf file. The >> bayes >> database is not being used in the path I've specified, and other >> options >> I've configured in there, such as bumping the bayes score, >> >> I'm on a cPanel server so I upgraded using a scripted provided by >> www.waytotheweb.com which has been successful for me in the past >> and was >> adapted for MS 4.50.14 That's about the only unique thing I can >> think of >> that might make my upgrade a little different. >> >> My before upgrading my MailScanner.conf file had this value in it: >> >> SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf >> >> The after the upgrade that directive is not present. > > Correct. > Did you run the install.sh script? > > If so, you should have a link in /etc/mail/spamassassin/ > mailscanner.cf which points to your spam.assassin.prefs.conf. > > Once that link is in place, then all will work as you expect. > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > * Julian Field > * 0xA4FAAFA1 (L) > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+IqUPw32o+k+q+hAQFtAQf+P9RZ2uK6Rq9R/f8JFqRBdySjXXC2oGlI HdA9VFsdpUk19zLosI6RGUY7uOf9U5exF7guMVJ98YVmFOV3wncXdb0thv4KEhqs slBS1+K0z1mPN+q8mqe++KRxCZLuv4DMItRnCGJr7qO3XkspuezTcypL/MWJ4hjH Z+Lw7egeF0hDNpGxmqxpMVdeXC078niTXsj5x4auifUFL/gFH1G540ILIZm2PIOi AB3pa54UgplpFabPLNclRNXAND9YjpvIk62ymEuGT5N/s/Sv26WcpRbsl4e2xzGi yAjXbdjWsQF9mG5uy4a5o4eW/WObkaSeeYjOrFAOAjxQzrRupstc3w== =9eW5 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gborders at jlewiscooper.com Thu Feb 2 15:51:59 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Thu Feb 2 15:53:39 2006 Subject: OT: Win32/Mywife.E@mm In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15BE3676@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15BE3676@woodenex.woodmaclaw.local> Message-ID: <43E22A9F.80203@jlewiscooper.com> My MS system already caught this bad boy: 01/31/06 03:20:21 dstumpf@mpowercom.com user@example.com Fw: 179.1Kb 0.98 0.00 Virus (Win32.Nyxem.F@mm ) ClamAV and Bitdefender to the rescue! Billy A. Pumphrey wrote: > I got a email from one of my users, always getting "FW:" from them just > like everyone else. This one seemed like one of the better ones where > the information might be actually useful. > > > Quote: > > Please review the following links for information about an extremely > serious new computer virus due to activate February 3, 2006. > > http://www.technologyreview.com/TR/wtr_16222,323,p1.html > > http://www.azcentral.com/news/articles/0127blackworm27-ON.html > > http://www.microsoft.com/technet/security/advisory/904420.mspx > > Unquote > > Naturally as long as everything is up to date things should be ok. > People don't really know that a virus is going to happen before it does > do they? > Only if the bug has a timer/date trigger in them. They get installed, then lie in wait, and BAM do nasty things later. Once detected early, we effectively reverse engineer the virus code, know that the virus will trigger in the future, thus know it's going to happen before. Once users update their scanning softs they can be assured the bug will be eradicated before they trigger. The media is a funny animal, they latch onto these bugs seemingly at random, spreading doom and gloom, when we techs know that new bugs are a daily occurrence, and are quickly and quietly squished by anti-virus community. Greg Borders Sys. Admin. JLC Co. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Thu Feb 2 15:55:39 2006 From: dave.list at pixelhammer.com (DAve) Date: Thu Feb 2 15:55:50 2006 Subject: New speed benchmark In-Reply-To: <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> Message-ID: <43E22B7B.3000809@pixelhammer.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > I forgot to add the MTA is sendmail > > On 2 Feb 2006, at 14:59, Julian Field wrote: > > >>* PGP Signed: 02/02/06 at 14:59:40 >> >>I have just done a speed test. >>Hardware: dual Opteron, 4Gb RAM, SCSI disk. >>Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, >>clamavmodule >>MailScanner setup: default >> >>Speed: 770,000 messages per day > > What happens at 780,000 messages a day? DAve From campbell at cnpapers.com Thu Feb 2 16:00:06 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Feb 2 16:01:21 2006 Subject: Beta to latest stable suggestions References: <002301c62777$bc980a30$0705000a@DDF5DW71><43E130C9.6000906@ecs.soton.ac.uk><003701c62807$29664c50$0705000a@DDF5DW71> Message-ID: <013b01c62811$bc9d5360$0705000a@DDF5DW71> Mr. Field, Thanks for the reply and the pointers about the Changelog. The ChangeLog on the website is the file I was referring to, and the RPM based download does not include the ChangeLog. I was just curious and was using resources immediately available. . I realize you don't write MailWatch, but was just wondering about your reference to the fact that if I wanted to use MW, I should upgrade. Again, thanks and I download the tar based versions and compare. Steve ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Thursday, February 02, 2006 9:56 AM Subject: Re: Beta to latest stable suggestions > -----BEGIN PGP SIGNED MESSAGE----- > > I don't write MailWatch, I know nothing about MW changes. > If you want to see the difference in MailScanner versions 4.50.12 and > 4.50.15 then extract the ChangeLogs from them both and compare the > files. > > The only MailWatch-related change to MailScanner is the addition of > one extra configuration option "Always Looked Up Last After Batch" > which Steve isn't using yet, but will do in the future. > > On 2 Feb 2006, at 14:44, Steve Campbell wrote: > >> Mr. Field, >> >> If you have time, and can elaborate on what the MW changes from >> 4.50-12 Beta to 4.50-15 might be, I would appreciate it. I was >> having some problems with MW after upgrading, mostly with the >> quarantine views, but was not able to track the problem down. >> >> I will upgrade this afternoon, and there is no urgency to this at >> all. I have a work-around. The upgrade will tell me if it fixes the >> problem. The Changelog lumps all of the changes for 4.50 into one >> section, so I can't really tell the differences. >> >> Thanks for any reply and no big deal if you deem this a waste of time. >> Thanks for the superb efforts you always seem to provide! >> >> Steve Campbell >> campbell@cnpapers.com >> Charleston Newspapers >> >> ----- Original Message ----- From: "Julian Field" >> >> To: "MailScanner discussion" >> Sent: Wednesday, February 01, 2006 5:06 PM >> Subject: Re: Beta to latest stable suggestions >> >> >>> >>> >>> Steve Campbell wrote: >>>> I had installed the 4.50-12 Beta last week to get the latest >>>> configuration file changes. Is there any reason to upgrade to the >>>> latest stable? >>> If you want to use MailWatch, then yes. There are a few other >>> things too. It will be a painless upgrade. >>>> Should I have changed the "Minimum Supported Status" in the conf >>>> file to 'Beta' for the Beta release, and what are the results of >>>> not doing so if I should have changed this? >>> No, leave that set to Beta or Supported. >>> I'm going to remove that option altogether in the next release, >>> it's worthless now. >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.4 (Build 4042) > > iQEVAwUBQ+Idkvw32o+k+q+hAQHyWQf/c/+W02pWhGiJQV+psiNXYOicLfeeR2xW > DD0iqwI6YCPsXWLOCQDssyXGvTQ/xaoBCS55mvoluYlU3sOk0mMJcUX0uikesSd6 > y1etVkaORm50HlNP0zICNezJArdK2PLOkvO/CYgNT5OBJQKfhSprij0crYFoXyT2 > evw2wTgoqohTBTxwrL5RslBnU4JfkJ3M51wbf2dPtgy3XTCzIbN2a4y8QUyK5YYd > 7NqRZPJVbuHMSpR38+yNRG36ZALWogdvUF5CDjsph/En2MyB4E5pOQpJmS1ePgAm > lKdhIGehMqQk157eIAaLdSRLz7gZBKCJxPs3FfERXVOwzaGau3IHLQ== > =AJ+F > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Thu Feb 2 16:08:20 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 16:08:34 2006 Subject: New speed benchmark In-Reply-To: <43E22B7B.3000809@pixelhammer.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 15:55, DAve wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> I forgot to add the MTA is sendmail >> On 2 Feb 2006, at 14:59, Julian Field wrote: >>>> Old Signed: 02/02/06 at 14:59:40 >>> >>> I have just done a speed test. >>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. >>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, >>> clamavmodule >>> MailScanner setup: default >>> >>> Speed: 770,000 messages per day > > What happens at 780,000 messages a day? Over the space of 1 day you will end the day with 10,000 messages sat in the incoming queue. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+Iud/w32o+k+q+hAQFRAQf/XNyBd/BOLOo1oMdvLR5lkgE0+cDqOSjv HhV7mMb4BW8zAcuu7fsvubwz+kOds7OCiR1krIBrLuFdAByw1FqY5MxJ3ZS+5KVD nsgZbVpulIkQIoYziiXUaJXJHo3Z4a84zFSrv80e8M0cEFndums+VVD01gPdBmyR biRZtNAiZVEczLEI+fjn1GtPnN+sMETdy9ZIX/wfdrVaX3p27HzxQ4Zw0R01zXaD t65TrtX1kNzUjtP7RBs+xOzE0DI3zZBQ3OhLw14FYgNOF840ZUJQy7EfBKKTNVYV Kgt4cj/QQ9uUIeKaT+ng+mlgb7+ACTYOgyuF1sApCkcFn2nwPtjZlA== =RsIm -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dnsadmin at 1bigthink.com Thu Feb 2 16:08:36 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Thu Feb 2 16:08:44 2006 Subject: ALL_TRUSTED problems In-Reply-To: <43E1596B.40101@evi-inc.com> References: <223f97700602011640o2eea2318y@mail.gmail.com> <43E1596B.40101@evi-inc.com> Message-ID: <6.2.3.4.0.20060202105138.0abb6248@mxt.1bigthink.com> At 07:59 PM 2/1/2006, you wrote: >Glenn Steen wrote: > > On 01/02/06, Richard Edge wrote: > >> If I change the line: > >> > >> Score ALL_TRUSTED 0 > >> > >> To: > >> > >> core ALL_TRUSTED > >> > >> Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint" > >> gives me a: > >> > >> [22778] warn: config: failed to parse line, skipping: core ALL_TRUSTED 0 > >> [22778] warn: lint: 1 issues detected, please rerun with debug enabled > >> for more information > >> > > > > Um, does it carp if you don't specify "-p /etc/mail/mailscanner.cf " > > too? You shouldn't need use it as a preference file > straws:-)> anymore, since it should be part of the site rules... A > > plain "spamassassin --lint" should suffice. > > > >Erm, what on earth is mailscanner.cf doing in /etc/mail/?? > >it belongs in /etc/mail/spamassassin or /etc/spamassassin, or some other >directory containing the word "spamassassin" depending on how your >SA is configured. > >Realistically you should *NEVER*, EVER under any condition use -p to point to >any site-level file. It should only point to a user level file. > >Mailscanner.cf is NOT a user level file. > >The whole reason mailscanner.cf was created was to ensure it was NOT used as a >user prefs file. mailscanner.cf contains options that are ONLY valid at the >site-wide level. Do NOT pass this -p. It belongs in the SA >site-config directory >so SA always parses it, and to make sure that SA correctly parses it. > >If it's not in the site config directory, SA won't parse it when >mailscanner runs. > >New versions of Mailscanner do NOT pass mailscanner.cf as a user prefs file, >thus by adding -p you are changing the behavior of spamassassin to >be different >than what Mailscanner does with it. > >I know this is contrary to how old versions of MS worked. In old versions, >spam.assassin.prefs.conf was passed as a user_prefs replacement. However, This >file kept pushing options in which are only valid at the site level. It also >pushed options such as bayes_path which need to be passed to all >instances of sa >on the system, such as sa-learn. > >After some prodding, Julian finally created MailScanner.cf, a file >to be placed >alongside local.cf and other site-wide config files. This way any call to SA >automatically parses this file. > This is what got my pulse going yesterday and prompted me to join the thread! This plopped into my personal mail address and the only reason it did not get tagged was due to the ALL_TRUSTED rule. Subject: [#yruxdjtp] Shaved Teen Bending from Over & Showing Upskirt Movies MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-1bigthink.com-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.917, required 5, ALL_TRUSTED -3.30, BAYES_50 0.00, HOT_NASTY 0.09, SARE_ADULT2 1.67, URIBL_JP_SURBL 4.00, URIBL_WS_SURBL 1.46) I operate on Sprint public IP space that is not NAT'd. I am priviledged to answer my own PTR - RDNS. No gateway. I do not have any trusted hosts defined. Here is the output of my ' spamassassin --lint -D' debug: SpamAssassin version 3.0.3 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/usr/kerberos/sbin', keeping. debug: PATH included '/usr/kerberos/bin', keeping. debug: PATH included '/usr/local/sbin', keeping. debug: PATH included '/usr/local/bin', keeping. debug: PATH included '/sbin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/usr/X11R6/bin', keeping. debug: PATH included '/root/bin', which doesn't exist, dropping. debug: Final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin debug: diag: module installed: DBI, version 1.32 debug: diag: module installed: DB_File, version 1.810 debug: diag: module installed: Digest::SHA1, version 2.10 debug: diag: module installed: IO::Socket::UNIX, version 1.2 debug: diag: module installed: MIME::Base64, version 2.12 debug: diag: module installed: Net::DNS, version 0.48 debug: diag: module not installed: Net::LDAP ('require' failed) debug: diag: module not installed: Razor2::Client::Agent ('require' failed) debug: diag: module installed: Storable, version 2.06 debug: diag: module installed: URI, version 1.35 debug: ignore: using a test message to lint rules debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/mail/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: using "/etc/mail/spamassassin" for site rules dir debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf debug: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf debug: config: read file /etc/mail/spamassassin/70_sare_header.cf debug: config: read file /etc/mail/spamassassin/70_sare_header0.cf debug: config: read file /etc/mail/spamassassin/70_sare_header1.cf debug: config: read file /etc/mail/spamassassin/70_sare_html.cf debug: config: read file /etc/mail/spamassassin/70_sare_html0.cf debug: config: read file /etc/mail/spamassassin/70_sare_html1.cf debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf debug: config: read file /etc/mail/spamassassin/70_sare_random.cf debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf debug: config: read file /etc/mail/spamassassin/70_sare_uri0.cf debug: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf debug: config: read file /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf debug: config: read file /etc/mail/spamassassin/local.cf debug: config: read file /etc/mail/spamassassin/tripwire.cf debug: using "/root/.spamassassin" for user state dir debug: using "/root/.spamassassin/user_prefs" for user prefs file debug: config: read file /root/.spamassassin/user_prefs debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168) implements 'parse_config' debug: using "/root/.spamassassin" for user state dir debug: bayes: 28513 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 28513 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 3 debug: using "/root/.spamassassin" for user state dir debug: Score set 3 chosen. debug: ---- MIME PARSER START ---- debug: main message type: text/plain debug: parsing normal part debug: added part, type: text/plain debug: ---- MIME PARSER END ---- debug: metadata: X-Spam-Relays-Trusted: debug: metadata: X-Spam-Relays-Untrusted: debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) implements 'parsed_metadata' debug: is Net::DNS::Resolver available? yes debug: Net::DNS version: 0.48 debug: trying (3) gmx.net... debug: looking up NS for 'gmx.net' debug: NS lookup of gmx.net succeeded => Dns available (set dns_available to hardcode) debug: is DNS available? 1 debug: decoding: no encoding detected debug: URIDNSBL: domains to query: debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org debug: Running tests for priority: 0 debug: running header regexp tests; score so far=0 debug: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168)) debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) debug: SPF: message was delivered entirely via trusted relays, not required debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168)) debug: all '*To' addrs: debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) debug: SPF: message was delivered entirely via trusted relays, not required debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) debug: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) debug: running body-text per-line regexp tests; score so far=-3.174 debug: running uri tests; score so far=-3.174 debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)) debug: bayes corpus size: nspam = 4620, nham = 408 debug: tokenize: header tokens for *F = "U*ignore D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org D*org" debug: tokenize: header tokens for *m = " 1138895936 lint_rules " debug: tokenize: header tokens for *RT = " " debug: tokenize: header tokens for *RU = " " debug: bayes token 'body' => 0.946350853491789 debug: bayes token 'H*Ad:D*org' => 0.0946204880029939 debug: bayes: score = 0.429821922703648 debug: bayes: 28513 untie-ing debug: bayes: 28513 untie-ing db_toks debug: bayes: 28513 untie-ing db_seen debug: Razor2 is not available debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) implements 'check_tick' debug: running raw-body-text per-line regexp tests; score so far=-3.173 debug: running full-text regexp tests; score so far=-3.173 debug: Razor2 is not available debug: Current PATH is: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin debug: Pyzor is not available: pyzor not found debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is not available: no executable dccproc found. debug: Running tests for priority: 500 debug: RBL: success for 1 of 1 queries debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) implements 'check_post_dnsbl' debug: running meta tests; score so far=-3.173 debug: running header regexp tests; score so far=-1.947 debug: running body-text per-line regexp tests; score so far=-1.947 debug: running uri tests; score so far=-1.947 debug: running raw-body-text per-line regexp tests; score so far=-1.947 debug: running full-text regexp tests; score so far=-1.947 debug: Running tests for priority: 1000 debug: running meta tests; score so far=-1.947 debug: running header regexp tests; score so far=-1.947 debug: using "/root/.spamassassin" for user state dir debug: lock: 28513 created /root/.spamassassin/auto-whitelist.lock.mxt.1bigthink.com.28513 debug: lock: 28513 trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries debug: lock: 28513 link to /root/.spamassassin/auto-whitelist.lock: link ok debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist debug: auto-whitelist (db-based): ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 debug: AWL active, pre-score: -1.947, autolearn score: -1.947, mean: undef, IP: undef debug: DB addr list: untie-ing and unlocking. debug: DB addr list: file locked, breaking lock. debug: unlock: 28513 unlink /root/.spamassassin/auto-whitelist.lock debug: Post AWL score: -1.947 debug: running body-text per-line regexp tests; score so far=-1.947 debug: running uri tests; score so far=-1.947 debug: running raw-body-text per-line regexp tests; score so far=-1.947 debug: running full-text regexp tests; score so far=-1.947 debug: is spam? score=-1.947 required=4.57 debug: tests=ALL_TRUSTED,BAYES_50,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID Any advice greatly appreciated. Comments to the effect that this messagewas a fluke at getting by would be acceptable at this point too. I think I do understand the issue a lot better, now. Thanks, Glenn Parsons From MailScanner at ecs.soton.ac.uk Thu Feb 2 16:10:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 16:10:30 2006 Subject: Beta to latest stable suggestions In-Reply-To: <013b01c62811$bc9d5360$0705000a@DDF5DW71> References: <002301c62777$bc980a30$0705000a@DDF5DW71><43E130C9.6000906@ecs.soton.ac.uk><003701c62807$29664c50$0705000a@DDF5DW71> <013b01c62811$bc9d5360$0705000a@DDF5DW71> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 16:00, Steve Campbell wrote: > Mr. Field, > > Thanks for the reply and the pointers about the Changelog. The > ChangeLog on the website is the file I was referring to, and the > RPM based download does not include the ChangeLog. Yes it does. /usr/share/doc/mailscanner-4.50.12/html/ChangeLog > I was just curious and was using resources immediately available. > . > I realize you don't write MailWatch, but was just wondering about > your reference to the fact that if I wanted to use MW, I should > upgrade. > > Again, thanks and I download the tar based versions and compare. > > Steve > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Thursday, February 02, 2006 9:56 AM > Subject: Re: Beta to latest stable suggestions > > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> I don't write MailWatch, I know nothing about MW changes. >> If you want to see the difference in MailScanner versions 4.50.12 and >> 4.50.15 then extract the ChangeLogs from them both and compare the >> files. >> >> The only MailWatch-related change to MailScanner is the addition of >> one extra configuration option "Always Looked Up Last After Batch" >> which Steve isn't using yet, but will do in the future. >> >> On 2 Feb 2006, at 14:44, Steve Campbell wrote: >> >>> Mr. Field, >>> >>> If you have time, and can elaborate on what the MW changes from >>> 4.50-12 Beta to 4.50-15 might be, I would appreciate it. I was >>> having some problems with MW after upgrading, mostly with the >>> quarantine views, but was not able to track the problem down. >>> >>> I will upgrade this afternoon, and there is no urgency to this at >>> all. I have a work-around. The upgrade will tell me if it fixes the >>> problem. The Changelog lumps all of the changes for 4.50 into one >>> section, so I can't really tell the differences. >>> >>> Thanks for any reply and no big deal if you deem this a waste of >>> time. >>> Thanks for the superb efforts you always seem to provide! >>> >>> Steve Campbell >>> campbell@cnpapers.com >>> Charleston Newspapers >>> >>> ----- Original Message ----- From: "Julian Field" >>> >>> To: "MailScanner discussion" >>> Sent: Wednesday, February 01, 2006 5:06 PM >>> Subject: Re: Beta to latest stable suggestions >>> >>> >>>> >>>> >>>> Steve Campbell wrote: >>>>> I had installed the 4.50-12 Beta last week to get the latest >>>>> configuration file changes. Is there any reason to upgrade to the >>>>> latest stable? >>>> If you want to use MailWatch, then yes. There are a few other >>>> things too. It will be a painless upgrade. >>>>> Should I have changed the "Minimum Supported Status" in the conf >>>>> file to 'Beta' for the Beta release, and what are the results of >>>>> not doing so if I should have changed this? >>>> No, leave that set to Beta or Supported. >>>> I'm going to remove that option altogether in the next release, >>>> it's worthless now. >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> Professional Support Services at www.MailScanner.biz >>>> MailScanner thanks transtec Computers for their support >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> - -- Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.4 (Build 4042) >> >> iQEVAwUBQ+Idkvw32o+k+q+hAQHyWQf/c/+W02pWhGiJQV+psiNXYOicLfeeR2xW >> DD0iqwI6YCPsXWLOCQDssyXGvTQ/xaoBCS55mvoluYlU3sOk0mMJcUX0uikesSd6 >> y1etVkaORm50HlNP0zICNezJArdK2PLOkvO/CYgNT5OBJQKfhSprij0crYFoXyT2 >> evw2wTgoqohTBTxwrL5RslBnU4JfkJ3M51wbf2dPtgy3XTCzIbN2a4y8QUyK5YYd >> 7NqRZPJVbuHMSpR38+yNRG36ZALWogdvUF5CDjsph/En2MyB4E5pOQpJmS1ePgAm >> lKdhIGehMqQk157eIAaLdSRLz7gZBKCJxPs3FfERXVOwzaGau3IHLQ== >> =AJ+F >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+Iu6vw32o+k+q+hAQHy3Qf/fy/1/2zl08yNdjJCf+z6FmS0q1R0ZPrb rWNyPOb3MadkjqYY3SmF3aXFvEXe0g3FbFlisg7FHyfI3rgQnjKBdVAhyo1SyVuB pFAdWq6k/TgHSSONcqVElPVh2G7v+1DQ0Y1yYlHAqWTfaYhFSFZFBc/BE/8625ye 4y6vRDATNLE3P75FrfLPkzEVurroF74CoaI33BdQPP7P1rw/wTwktyV/j2a9nWxp 2gm+ibWiM/dMvi0S0W9FLgYxk1VmybbatuOZcEUzQBjM1HYW7dzYgEzc1vIf0Oxd gEhccV6yQGqDxZaeaVNmqgELFm6/TJe6q0xzvIpUm6kQtGhDo7LWdQ== =YpxD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From campbell at cnpapers.com Thu Feb 2 16:32:19 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Feb 2 16:32:54 2006 Subject: Beta to latest stable suggestions References: <002301c62777$bc980a30$0705000a@DDF5DW71><43E130C9.6000906@ecs.soton.ac.uk><003701c62807$29664c50$0705000a@DDF5DW71><013b01c62811$bc9d5360$0705000a@DDF5DW71> Message-ID: <001001c62816$3e184f90$0705000a@DDF5DW71> ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Thursday, February 02, 2006 11:10 AM Subject: Re: Beta to latest stable suggestions > -----BEGIN PGP SIGNED MESSAGE----- > > > On 2 Feb 2006, at 16:00, Steve Campbell wrote: > >> Mr. Field, >> >> Thanks for the reply and the pointers about the Changelog. The >> ChangeLog on the website is the file I was referring to, and the >> RPM based download does not include the ChangeLog. > > Yes it does. > /usr/share/doc/mailscanner-4.50.12/html/ChangeLog > > Apologies to you. I (ain't that always the way it seems) was using the wrong locate/grep combination. Steve >> I was just curious and was using resources immediately available. >> . >> I realize you don't write MailWatch, but was just wondering about >> your reference to the fact that if I wanted to use MW, I should >> upgrade. >> >> Again, thanks and I download the tar based versions and compare. >> >> Steve >> >> ----- Original Message ----- From: "Julian Field" >> >> To: "MailScanner discussion" >> Sent: Thursday, February 02, 2006 9:56 AM >> Subject: Re: Beta to latest stable suggestions >> >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> >>> I don't write MailWatch, I know nothing about MW changes. >>> If you want to see the difference in MailScanner versions 4.50.12 and >>> 4.50.15 then extract the ChangeLogs from them both and compare the >>> files. >>> >>> The only MailWatch-related change to MailScanner is the addition of >>> one extra configuration option "Always Looked Up Last After Batch" >>> which Steve isn't using yet, but will do in the future. >>> >>> On 2 Feb 2006, at 14:44, Steve Campbell wrote: >>> >>>> Mr. Field, >>>> >>>> If you have time, and can elaborate on what the MW changes from >>>> 4.50-12 Beta to 4.50-15 might be, I would appreciate it. I was >>>> having some problems with MW after upgrading, mostly with the >>>> quarantine views, but was not able to track the problem down. >>>> >>>> I will upgrade this afternoon, and there is no urgency to this at >>>> all. I have a work-around. The upgrade will tell me if it fixes the >>>> problem. The Changelog lumps all of the changes for 4.50 into one >>>> section, so I can't really tell the differences. >>>> >>>> Thanks for any reply and no big deal if you deem this a waste of >>>> time. >>>> Thanks for the superb efforts you always seem to provide! >>>> >>>> Steve Campbell >>>> campbell@cnpapers.com >>>> Charleston Newspapers >>>> >>>> ----- Original Message ----- From: "Julian Field" >>>> >>>> To: "MailScanner discussion" >>>> Sent: Wednesday, February 01, 2006 5:06 PM >>>> Subject: Re: Beta to latest stable suggestions >>>> >>>> >>>>> >>>>> >>>>> Steve Campbell wrote: >>>>>> I had installed the 4.50-12 Beta last week to get the latest >>>>>> configuration file changes. Is there any reason to upgrade to the >>>>>> latest stable? >>>>> If you want to use MailWatch, then yes. There are a few other >>>>> things too. It will be a painless upgrade. >>>>>> Should I have changed the "Minimum Supported Status" in the conf >>>>>> file to 'Beta' for the Beta release, and what are the results of >>>>>> not doing so if I should have changed this? >>>>> No, leave that set to Beta or Supported. >>>>> I'm going to remove that option altogether in the next release, >>>>> it's worthless now. >>>>> >>>>> -- >>>>> Julian Field >>>>> www.MailScanner.info >>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>> Professional Support Services at www.MailScanner.biz >>>>> MailScanner thanks transtec Computers for their support >>>>> >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>> >>>>> >>>>> -- >>>>> This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> - -- Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.0.4 (Build 4042) >>> >>> iQEVAwUBQ+Idkvw32o+k+q+hAQHyWQf/c/+W02pWhGiJQV+psiNXYOicLfeeR2xW >>> DD0iqwI6YCPsXWLOCQDssyXGvTQ/xaoBCS55mvoluYlU3sOk0mMJcUX0uikesSd6 >>> y1etVkaORm50HlNP0zICNezJArdK2PLOkvO/CYgNT5OBJQKfhSprij0crYFoXyT2 >>> evw2wTgoqohTBTxwrL5RslBnU4JfkJ3M51wbf2dPtgy3XTCzIbN2a4y8QUyK5YYd >>> 7NqRZPJVbuHMSpR38+yNRG36ZALWogdvUF5CDjsph/En2MyB4E5pOQpJmS1ePgAm >>> lKdhIGehMqQk157eIAaLdSRLz7gZBKCJxPs3FfERXVOwzaGau3IHLQ== >>> =AJ+F >>> -----END PGP SIGNATURE----- >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.4 (Build 4042) > > iQEVAwUBQ+Iu6vw32o+k+q+hAQHy3Qf/fy/1/2zl08yNdjJCf+z6FmS0q1R0ZPrb > rWNyPOb3MadkjqYY3SmF3aXFvEXe0g3FbFlisg7FHyfI3rgQnjKBdVAhyo1SyVuB > pFAdWq6k/TgHSSONcqVElPVh2G7v+1DQ0Y1yYlHAqWTfaYhFSFZFBc/BE/8625ye > 4y6vRDATNLE3P75FrfLPkzEVurroF74CoaI33BdQPP7P1rw/wTwktyV/j2a9nWxp > 2gm+ibWiM/dMvi0S0W9FLgYxk1VmybbatuOZcEUzQBjM1HYW7dzYgEzc1vIf0Oxd > gEhccV6yQGqDxZaeaVNmqgELFm6/TJe6q0xzvIpUm6kQtGhDo7LWdQ== > =YpxD > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From gregg at gbcomputers.com Thu Feb 2 16:33:54 2006 From: gregg at gbcomputers.com (Gregg Berkholtz) Date: Thu Feb 2 16:33:57 2006 Subject: Cannot install DBI with MS 4.50.14 In-Reply-To: References: <20060201182512.GA30959@gbcomputers.com> <43E124E4.6070907@ecs.soton.ac.uk> <20060201220412.GA10311@gbcomputers.com> <6CA19CF5-E8DB-4855-BBC3-3DD2B3D8A136@ecs.soton.ac.uk> <20060202145631.GA7297@gbcomputers.com> Message-ID: <20060202163354.GA9631@gbcomputers.com> I don't have a /etc/sysconfig folder, though a "find / -name i18n" shows a file at /usr/share/i18n/locales/i18n, nothing in it has the string UTF Gregg On Thu, Feb 02, 2006 at 03:15:14PM +0000, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Does your /etc/sysconfig/i18n file mention UTF-8? > If so, remove all the ".UTF-8" strings from the file, the logout and > log back in again. Then try re-installing that module again. > > On 2 Feb 2006, at 14:56, Gregg Berkholtz wrote: > > > perl -v shows: > > This is perl, v5.6.1 built for i386-linux > > > > Though I'm not seeing any errors about =head3, am I just out of luck? > > > > Gregg > > > > On Thu, Feb 02, 2006 at 09:02:35AM +0000, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> What version of perl are you running? > >> > >> On 1 Feb 2006, at 22:04, Gregg Berkholtz wrote: > >> > >>> > >>> ******************************************************************** > >>> ** > >>> **** > >>> Perl versions below 5.6.1 are no longer supported by the DBI. > >>> Perl versions 5.6.x may fail during installation with a complaint > >>> about the use of =head3 in the pod documentation. > >>> Press return to continue... > >>> ******************************************************************** > >>> ** > >>> **** > >>> > >>> On Wed, Feb 01, 2006 at 09:15:16PM +0000, Julian Field wrote: > >>>> Do > >>>> > >>>> perl -MCPAN -e shell > >>>> install Storable > >>>> quit > >>>> > >>>> Make sure it doesn't start upgrading your entire Perl installation, > >>>> thump Ctrl-C like crazy if it does! > >>>> > >>>> Then try running the install.sh again. > >>>> > >>>> Gregg Berkholtz wrote: > >>>>> It appears I cant install DBI as I'm getting the following error > >>>>> after > >>>>> running > >>>>> MailScanner's install.sh on a Debian 3.0 system. Any assistance > >>>>> is greatly > >>>>> appreciated: > >>>>> From ssilva at sgvwater.com Thu Feb 2 17:02:53 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 2 17:08:42 2006 Subject: ALL_TRUSTED problems In-Reply-To: <6.2.3.4.0.20060202105138.0abb6248@mxt.1bigthink.com> References: <223f97700602011640o2eea2318y@mail.gmail.com> <43E1596B.40101@evi-inc.com> <6.2.3.4.0.20060202105138.0abb6248@mxt.1bigthink.com> Message-ID: dnsadmin 1bigthink.com spake the following on 2/2/2006 8:08 AM: > At 07:59 PM 2/1/2006, you wrote: > >> Glenn Steen wrote: >> > On 01/02/06, Richard Edge wrote: >> >> If I change the line: >> >> >> >> Score ALL_TRUSTED 0 >> >> >> >> To: >> >> >> >> core ALL_TRUSTED >> >> >> >> Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint" >> >> gives me a: >> >> >> >> [22778] warn: config: failed to parse line, skipping: core >> ALL_TRUSTED 0 >> >> [22778] warn: lint: 1 issues detected, please rerun with debug enabled >> >> for more information >> >> >> > >> > Um, does it carp if you don't specify "-p /etc/mail/mailscanner.cf " >> > too? You shouldn't need use it as a preference file> > straws:-)> anymore, since it should be part of the site rules... A >> > plain "spamassassin --lint" should suffice. >> > >> >> Erm, what on earth is mailscanner.cf doing in /etc/mail/?? >> >> it belongs in /etc/mail/spamassassin or /etc/spamassassin, or some other >> directory containing the word "spamassassin" depending on how your SA >> is configured. >> >> Realistically you should *NEVER*, EVER under any condition use -p to >> point to >> any site-level file. It should only point to a user level file. >> >> Mailscanner.cf is NOT a user level file. >> >> The whole reason mailscanner.cf was created was to ensure it was NOT >> used as a >> user prefs file. mailscanner.cf contains options that are ONLY valid >> at the >> site-wide level. Do NOT pass this -p. It belongs in the SA site-config >> directory >> so SA always parses it, and to make sure that SA correctly parses it. >> >> If it's not in the site config directory, SA won't parse it when >> mailscanner runs. >> >> New versions of Mailscanner do NOT pass mailscanner.cf as a user prefs >> file, >> thus by adding -p you are changing the behavior of spamassassin to be >> different >> than what Mailscanner does with it. >> >> I know this is contrary to how old versions of MS worked. In old >> versions, >> spam.assassin.prefs.conf was passed as a user_prefs replacement. >> However, This >> file kept pushing options in which are only valid at the site level. >> It also >> pushed options such as bayes_path which need to be passed to all >> instances of sa >> on the system, such as sa-learn. >> >> After some prodding, Julian finally created MailScanner.cf, a file to >> be placed >> alongside local.cf and other site-wide config files. This way any call >> to SA >> automatically parses this file. >> > > This is what got my pulse going yesterday and prompted me to join the > thread! This plopped into my personal mail address and the only reason > it did not get tagged was due to the ALL_TRUSTED rule. > > Subject: [#yruxdjtp] Shaved Teen Bending from Over & Showing Upskirt > Movies > MIME-Version: 1.0 > Content-Type: text/plain; charset="iso-8859-1" > Content-Transfer-Encoding: 7bit > > X-1bigthink.com-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.917, > required 5, ALL_TRUSTED -3.30, BAYES_50 0.00, HOT_NASTY 0.09, > SARE_ADULT2 1.67, URIBL_JP_SURBL 4.00, URIBL_WS_SURBL 1.46) > > I operate on Sprint public IP space that is not NAT'd. I am priviledged > to answer my own PTR - RDNS. No gateway. > > I do not have any trusted hosts defined. Here is the output of my ' > spamassassin --lint -D' > > debug: SpamAssassin version 3.0.3 > debug: Score set 0 chosen. > debug: running in taint mode? yes > debug: Running in taint mode, removing unsafe env vars, and resetting PATH > debug: PATH included '/usr/kerberos/sbin', keeping. > debug: PATH included '/usr/kerberos/bin', keeping. > debug: PATH included '/usr/local/sbin', keeping. > debug: PATH included '/usr/local/bin', keeping. > debug: PATH included '/sbin', keeping. > debug: PATH included '/bin', keeping. > debug: PATH included '/usr/sbin', keeping. > debug: PATH included '/usr/bin', keeping. > debug: PATH included '/usr/X11R6/bin', keeping. > debug: PATH included '/root/bin', which doesn't exist, dropping. > debug: Final PATH set to: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin > > debug: diag: module installed: DBI, version 1.32 > debug: diag: module installed: DB_File, version 1.810 > debug: diag: module installed: Digest::SHA1, version 2.10 > debug: diag: module installed: IO::Socket::UNIX, version 1.2 > debug: diag: module installed: MIME::Base64, version 2.12 > debug: diag: module installed: Net::DNS, version 0.48 > debug: diag: module not installed: Net::LDAP ('require' failed) > debug: diag: module not installed: Razor2::Client::Agent ('require' failed) > debug: diag: module installed: Storable, version 2.06 > debug: diag: module installed: URI, version 1.35 > debug: ignore: using a test message to lint rules > debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre > debug: config: read file /etc/mail/spamassassin/init.pre > debug: using "/usr/share/spamassassin" for default rules dir > debug: config: read file /usr/share/spamassassin/10_misc.cf > debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf > debug: config: read file /usr/share/spamassassin/20_body_tests.cf > debug: config: read file /usr/share/spamassassin/20_compensate.cf > debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > debug: config: read file /usr/share/spamassassin/20_drugs.cf > debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > debug: config: read file /usr/share/spamassassin/20_head_tests.cf > debug: config: read file /usr/share/spamassassin/20_html_tests.cf > debug: config: read file /usr/share/spamassassin/20_meta_tests.cf > debug: config: read file /usr/share/spamassassin/20_phrases.cf > debug: config: read file /usr/share/spamassassin/20_porn.cf > debug: config: read file /usr/share/spamassassin/20_ratware.cf > debug: config: read file /usr/share/spamassassin/20_uri_tests.cf > debug: config: read file /usr/share/spamassassin/23_bayes.cf > debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf > debug: config: read file /usr/share/spamassassin/25_hashcash.cf > debug: config: read file /usr/share/spamassassin/25_spf.cf > debug: config: read file /usr/share/spamassassin/25_uribl.cf > debug: config: read file /usr/share/spamassassin/30_text_de.cf > debug: config: read file /usr/share/spamassassin/30_text_fr.cf > debug: config: read file /usr/share/spamassassin/30_text_nl.cf > debug: config: read file /usr/share/spamassassin/30_text_pl.cf > debug: config: read file /usr/share/spamassassin/50_scores.cf > debug: config: read file /usr/share/spamassassin/60_whitelist.cf > debug: using "/etc/mail/spamassassin" for site rules dir > debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf > debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf > debug: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf > debug: config: read file /etc/mail/spamassassin/70_sare_header.cf > debug: config: read file /etc/mail/spamassassin/70_sare_header0.cf > debug: config: read file /etc/mail/spamassassin/70_sare_header1.cf > debug: config: read file /etc/mail/spamassassin/70_sare_html.cf > debug: config: read file /etc/mail/spamassassin/70_sare_html0.cf > debug: config: read file /etc/mail/spamassassin/70_sare_html1.cf > debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf > debug: config: read file /etc/mail/spamassassin/70_sare_random.cf > debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf > debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf > debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf > debug: config: read file /etc/mail/spamassassin/70_sare_uri0.cf > debug: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf > debug: config: read file > /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf > debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf > debug: config: read file /etc/mail/spamassassin/local.cf > debug: config: read file /etc/mail/spamassassin/tripwire.cf > debug: using "/root/.spamassassin" for user state dir > debug: using "/root/.spamassassin/user_prefs" for user prefs file > debug: config: read file /root/.spamassassin/user_prefs > debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168) > debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78) > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > implements 'parse_config' > debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168) > implements 'parse_config' > debug: using "/root/.spamassassin" for user state dir > debug: bayes: 28513 tie-ing to DB file R/O /root/.spamassassin/bayes_toks > debug: bayes: 28513 tie-ing to DB file R/O /root/.spamassassin/bayes_seen > debug: bayes: found bayes db version 3 > debug: using "/root/.spamassassin" for user state dir > debug: Score set 3 chosen. > debug: ---- MIME PARSER START ---- > debug: main message type: text/plain > debug: parsing normal part > debug: added part, type: text/plain > debug: ---- MIME PARSER END ---- > debug: metadata: X-Spam-Relays-Trusted: > debug: metadata: X-Spam-Relays-Untrusted: > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > implements 'parsed_metadata' > debug: is Net::DNS::Resolver available? yes > debug: Net::DNS version: 0.48 > debug: trying (3) gmx.net... > debug: looking up NS for 'gmx.net' > debug: NS lookup of gmx.net succeeded => Dns available (set > dns_available to hardcode) > debug: is DNS available? 1 > debug: decoding: no encoding detected > debug: URIDNSBL: domains to query: > debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org > debug: Running tests for priority: 0 > debug: running header regexp tests; score so far=0 > debug: registering glue method for check_hashcash_double_spend > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168)) > debug: registering glue method for check_for_spf_helo_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > debug: SPF: message was delivered entirely via trusted relays, not required > debug: registering glue method for check_hashcash_value > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168)) > debug: all '*To' addrs: > debug: registering glue method for check_for_spf_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > debug: SPF: message was delivered entirely via trusted relays, not required > debug: registering glue method for check_for_spf_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > debug: registering glue method for check_for_spf_helo_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > debug: registering glue method for check_for_spf_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > debug: registering glue method for check_for_spf_helo_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > debug: running body-text per-line regexp tests; score so far=-3.174 > debug: running uri tests; score so far=-3.174 > debug: registering glue method for check_uridnsbl > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)) > debug: bayes corpus size: nspam = 4620, nham = 408 > debug: tokenize: header tokens for *F = "U*ignore > D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org > D*org" > debug: tokenize: header tokens for *m = " 1138895936 lint_rules " > debug: tokenize: header tokens for *RT = " " > debug: tokenize: header tokens for *RU = " " > debug: bayes token 'body' => 0.946350853491789 > debug: bayes token 'H*Ad:D*org' => 0.0946204880029939 > debug: bayes: score = 0.429821922703648 > debug: bayes: 28513 untie-ing > debug: bayes: 28513 untie-ing db_toks > debug: bayes: 28513 untie-ing db_seen > debug: Razor2 is not available > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > implements 'check_tick' > debug: running raw-body-text per-line regexp tests; score so far=-3.173 > debug: running full-text regexp tests; score so far=-3.173 > debug: Razor2 is not available > debug: Current PATH is: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin > > debug: Pyzor is not available: pyzor not found > debug: DCCifd is not available: no r/w dccifd socket found. > debug: DCC is not available: no executable dccproc found. > debug: Running tests for priority: 500 > debug: RBL: success for 1 of 1 queries > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > implements 'check_post_dnsbl' > debug: running meta tests; score so far=-3.173 > debug: running header regexp tests; score so far=-1.947 > debug: running body-text per-line regexp tests; score so far=-1.947 > debug: running uri tests; score so far=-1.947 > debug: running raw-body-text per-line regexp tests; score so far=-1.947 > debug: running full-text regexp tests; score so far=-1.947 > debug: Running tests for priority: 1000 > debug: running meta tests; score so far=-1.947 > debug: running header regexp tests; score so far=-1.947 > debug: using "/root/.spamassassin" for user state dir > debug: lock: 28513 created > /root/.spamassassin/auto-whitelist.lock.mxt.1bigthink.com.28513 > debug: lock: 28513 trying to get lock on > /root/.spamassassin/auto-whitelist with 0 retries > debug: lock: 28513 link to /root/.spamassassin/auto-whitelist.lock: link ok > debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist > debug: auto-whitelist (db-based): > ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 > debug: AWL active, pre-score: -1.947, autolearn score: -1.947, mean: > undef, IP: undef > debug: DB addr list: untie-ing and unlocking. > debug: DB addr list: file locked, breaking lock. > debug: unlock: 28513 unlink /root/.spamassassin/auto-whitelist.lock > debug: Post AWL score: -1.947 > debug: running body-text per-line regexp tests; score so far=-1.947 > debug: running uri tests; score so far=-1.947 > debug: running raw-body-text per-line regexp tests; score so far=-1.947 > debug: running full-text regexp tests; score so far=-1.947 > debug: is spam? score=-1.947 required=4.57 > debug: > tests=ALL_TRUSTED,BAYES_50,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME > debug: > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID > > > Any advice greatly appreciated. Comments to the effect that this > messagewas a fluke at getting by would be acceptable at this point too. > I think I do understand the issue a lot better, now. > > Thanks, > Glenn Parsons Have you considered upgrading to spamassassin 3.1.0? Maybe a munged file in spamassassin, and the upgrade might kick it into submission. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dmehler26 at woh.rr.com Thu Feb 2 17:06:12 2006 From: dmehler26 at woh.rr.com (Dave) Date: Thu Feb 2 17:15:25 2006 Subject: mailscanner and perdomain white and blacklists References: <003f01c62787$c3f61370$0200a8c0@satellite> <43E157B3.3060109@taz-mania.com> Message-ID: <002701c6281a$f8ca5c30$0200a8c0@satellite> Hi, Thanks for your reply. I'm taking over this box from a previous guy, mailwatch might already be setup, mysql is although i don't know if it's integrated in to mailscanner, about ten things are flagged first. Do you have a howto on setting mailscanner, mailwatch, and mysql up? I'm particularly needing the how individual users can manage their own lists part? Thanks a lot. Dave. ----- Original Message ----- From: "Dennis Willson" To: "MailScanner discussion" Sent: Wednesday, February 01, 2006 7:52 PM Subject: Re: mailscanner and perdomain white and blacklists > Try using mailwatch.... It does this very nicely and uses a mysql database > for the white and black lists. There is even a way for the users to manage > their own lists. > > Dave wrote: >> Hello, >> I've got a mailscanner install with sendmail. It's working fine and >> it's working for multiple users. Now i'm getting requests from user a to >> add a username/domain to a blacklist file and user b to add another >> username/domain to a whitelist file. These i'm thinking should be >> separate as they are separate domains. This is on an fc4 box. Is this >> doable, any help appreciated. >> Thanks. >> Dave. >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From dmehler26 at woh.rr.com Thu Feb 2 17:09:49 2006 From: dmehler26 at woh.rr.com (Dave) Date: Thu Feb 2 17:19:05 2006 Subject: mailscanner and perdomain white and blacklists References: <003f01c62787$c3f61370$0200a8c0@satellite> <46930868-3367-42BE-91FD-75B47F99B677@ecs.soton.ac.uk> Message-ID: <002b01c6281b$79cb1c20$0200a8c0@satellite> Hi Julian, Thanks for your reply. I haven't had a moment yet to check out that boxes mailscanner.conf except except just a quick overview of the mta-specific settings. Can the spam whitelists and blacklists be used on a perdomain basis? For example, i've got domain1.com and domain2.com. The user at domain1.com wants a user added to his spam whitelist while the user at domain2.com wants a spammer added to his spam blacklist. Ideally i believe these users at domain 1 and 2 .com want independent lists. Thanks a lot. Dave. ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Thursday, February 02, 2006 4:09 AM Subject: Re: mailscanner and perdomain white and blacklists > -----BEGIN PGP SIGNED MESSAGE----- > > On 1 Feb 2006, at 23:32, Dave wrote: > >> Hello, >> I've got a mailscanner install with sendmail. It's working fine >> and it's working for multiple users. Now i'm getting requests from >> user a to add a username/domain to a blacklist file and user b to >> add another username/domain to a whitelist file. These i'm thinking >> should be separate as they are separate domains. This is on an fc4 >> box. Is this doable, any help appreciated. >> Thanks. >> Dave. > > Blacklist or whitelist in what sense? You basically just need a > couple of rulesets, one for your blacklist and one for your > whitelist. There is already a spam.whitelist.rules which you can use > as a sample from which to create and use a spam.blacklist.rules file. > Look in MailScanner.conf for spam.whitelist.rules and you will see > how to refer a setting to a rules file. > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.4 (Build 4042) > > iQEVAwUBQ+HMSPw32o+k+q+hAQFcjgf/b7C67K+nPF2k5yRxvHN4rmRhxSQuV+Eo > ALqzDcgMPMNSnHGBTC2S0C+XPgzx0Fa3RIMzw7vMIHDuL6O5Gme4C2Hco4B6+taX > vKISOpZ3mWI0HVWPYfytXBZwCBYG0MJBrIXDOr5pH/+R2HRxfQ0UGRkt63nojNiH > D668v55qOGNMjxGx0JR9qLJNQhxtFaGMBvmZ8D5j74B1H+UX/yhL15hXgvST1lyO > rQgiX+Fmc4ZIFhgc6G362AC5iSIh2ebXrYnyo9mt2Jdzu2KTScZjR7A0xKiPWOf5 > uVmaHMRFV8TVe+068DKrdpnT0l9BDGuwW1aFznE5vAk2hCL3rz6jTA== > =2N0u > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Feb 2 17:28:42 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 17:28:44 2006 Subject: mailscanner and perdomain white and blacklists In-Reply-To: <002b01c6281b$79cb1c20$0200a8c0@satellite> References: <003f01c62787$c3f61370$0200a8c0@satellite> <46930868-3367-42BE-91FD-75B47F99B677@ecs.soton.ac.uk> <002b01c6281b$79cb1c20$0200a8c0@satellite> Message-ID: <43E2414A.90901@ecs.soton.ac.uk> There is code to do this in CustomConfig.pm in /usr/lib/MailScanner/MailScanner. There is documentation in there that will tell you how to enable the code and how to set everything up for it. Look for the Per-Domain whitelist and blacklist code and you'll find it, there is code in the same file for other add-on features as well. If you have trouble setting it up or getting it basically working, then give me a shout (possibly on IRC) and I'll try to help where I can. It's not hard, you don't have to write any code or anything to make it all work :-) Dave wrote: > Hi Julian, > Thanks for your reply. I haven't had a moment yet to check out that > boxes mailscanner.conf except except just a quick overview of the > mta-specific settings. Can the spam whitelists and blacklists be used > on a perdomain basis? For example, i've got domain1.com and > domain2.com. The user at domain1.com wants a user added to his spam > whitelist while the user at domain2.com wants a spammer added to his > spam blacklist. Ideally i believe these users at domain 1 and 2 .com > want independent lists. > Thanks a lot. > Dave. > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Thursday, February 02, 2006 4:09 AM > Subject: Re: mailscanner and perdomain white and blacklists > > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> On 1 Feb 2006, at 23:32, Dave wrote: >> >>> Hello, >>> I've got a mailscanner install with sendmail. It's working fine >>> and it's working for multiple users. Now i'm getting requests from >>> user a to add a username/domain to a blacklist file and user b to >>> add another username/domain to a whitelist file. These i'm thinking >>> should be separate as they are separate domains. This is on an fc4 >>> box. Is this doable, any help appreciated. >>> Thanks. >>> Dave. >> >> Blacklist or whitelist in what sense? You basically just need a >> couple of rulesets, one for your blacklist and one for your >> whitelist. There is already a spam.whitelist.rules which you can use >> as a sample from which to create and use a spam.blacklist.rules file. >> Look in MailScanner.conf for spam.whitelist.rules and you will see >> how to refer a setting to a rules file. >> - -- Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.4 (Build 4042) >> >> iQEVAwUBQ+HMSPw32o+k+q+hAQFcjgf/b7C67K+nPF2k5yRxvHN4rmRhxSQuV+Eo >> ALqzDcgMPMNSnHGBTC2S0C+XPgzx0Fa3RIMzw7vMIHDuL6O5Gme4C2Hco4B6+taX >> vKISOpZ3mWI0HVWPYfytXBZwCBYG0MJBrIXDOr5pH/+R2HRxfQ0UGRkt63nojNiH >> D668v55qOGNMjxGx0JR9qLJNQhxtFaGMBvmZ8D5j74B1H+UX/yhL15hXgvST1lyO >> rQgiX+Fmc4ZIFhgc6G362AC5iSIh2ebXrYnyo9mt2Jdzu2KTScZjR7A0xKiPWOf5 >> uVmaHMRFV8TVe+068DKrdpnT0l9BDGuwW1aFznE5vAk2hCL3rz6jTA== >> =2N0u >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dyioulos at firstbhph.com Thu Feb 2 17:42:33 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu Feb 2 17:42:39 2006 Subject: mailscanner and perdomain white and blacklists In-Reply-To: <43E2414A.90901@ecs.soton.ac.uk> References: <003f01c62787$c3f61370$0200a8c0@satellite> <002b01c6281b$79cb1c20$0200a8c0@satellite> <43E2414A.90901@ecs.soton.ac.uk> Message-ID: <200602021242.34319.dyioulos@firstbhph.com> Julian, I hope this isn't a totally lame question, but can the directives "Is Definitely Not Spam" and Is Definitely Not Spam" take more than one argument (point to multiple sources? Here's why: I have one colleague who emails me regularly from outside our system. ?His mail is marked as spam (listed in RBL, although his ISP doesn't seem to show up in RBLs). ?I want to whitelist him/exclude him from being scanned. ?I'm using SQLWhiteBlackList.pm, and it works for individual ip addresses. ?I also added a tweak to white/blacklist addresses based on the first three address octets, but I'm not sure it that works. ?As my colleague's ISP uses several mail servers to send his mail, it's problematic to try and add every possible mail server address to the whitelist. ?I've tried adding his email address and our domain to the whitelist, but that doesn't seem to work. ?I also created a file in the MailScanner rules dir called scan.messages.rules, added him, and set Scan Messages = %rules_dir%/scan.messages.rules in MailScanner, but no joy. How do I accomplish this? Regards, Dimitri PS - I cross-posted this to the Mailwatch list because I wasn't sure which was appropriate - apologies if I boo-booed. On Thursday February 02 2006 12:28 pm, Julian Field wrote: > There is code to do this in CustomConfig.pm in > /usr/lib/MailScanner/MailScanner. There is documentation in there that > will tell you how to enable the code and how to set everything up for > it. Look for the Per-Domain whitelist and blacklist code and you'll find > it, there is code in the same file for other add-on features as well. > > If you have trouble setting it up or getting it basically working, then > give me a shout (possibly on IRC) and I'll try to help where I can. > > It's not hard, you don't have to write any code or anything to make it > all work > > :-) > > Dave wrote: > > Hi Julian, > > Thanks for your reply. I haven't had a moment yet to check out that > > boxes mailscanner.conf except except just a quick overview of the > > mta-specific settings. Can the spam whitelists and blacklists be used > > on a perdomain basis? For example, i've got domain1.com and > > domain2.com. The user at domain1.com wants a user added to his spam > > whitelist while the user at domain2.com wants a spammer added to his > > spam blacklist. Ideally i believe these users at domain 1 and 2 .com > > want independent lists. > > Thanks a lot. > > Dave. > > > > ----- Original Message ----- From: "Julian Field" > > > > To: "MailScanner discussion" > > Sent: Thursday, February 02, 2006 4:09 AM > > Subject: Re: mailscanner and perdomain white and blacklists > > > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> On 1 Feb 2006, at 23:32, Dave wrote: > >>> Hello, > >>> I've got a mailscanner install with sendmail. It's working fine > >>> and it's working for multiple users. Now i'm getting requests from > >>> user a to add a username/domain to a blacklist file and user b to > >>> add another username/domain to a whitelist file. These i'm thinking > >>> should be separate as they are separate domains. This is on an fc4 > >>> box. Is this doable, any help appreciated. > >>> Thanks. > >>> Dave. > >> > >> Blacklist or whitelist in what sense? You basically just need a > >> couple of rulesets, one for your blacklist and one for your > >> whitelist. There is already a spam.whitelist.rules which you can use > >> as a sample from which to create and use a spam.blacklist.rules file. > >> Look in MailScanner.conf for spam.whitelist.rules and you will see > >> how to refer a setting to a rules file. > >> - -- Julian Field > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >> -----BEGIN PGP SIGNATURE----- > >> Version: PGP Desktop 9.0.4 (Build 4042) > >> > >> iQEVAwUBQ+HMSPw32o+k+q+hAQFcjgf/b7C67K+nPF2k5yRxvHN4rmRhxSQuV+Eo > >> ALqzDcgMPMNSnHGBTC2S0C+XPgzx0Fa3RIMzw7vMIHDuL6O5Gme4C2Hco4B6+taX > >> vKISOpZ3mWI0HVWPYfytXBZwCBYG0MJBrIXDOr5pH/+R2HRxfQ0UGRkt63nojNiH > >> D668v55qOGNMjxGx0JR9qLJNQhxtFaGMBvmZ8D5j74B1H+UX/yhL15hXgvST1lyO > >> rQgiX+Fmc4ZIFhgc6G362AC5iSIh2ebXrYnyo9mt2Jdzu2KTScZjR7A0xKiPWOf5 > >> uVmaHMRFV8TVe+068DKrdpnT0l9BDGuwW1aFznE5vAk2hCL3rz6jTA== > >> =2N0u > >> -----END PGP SIGNATURE----- > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 17:50:01 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 17:50:09 2006 Subject: mailscanner and perdomain white and blacklists In-Reply-To: <200602021242.34319.dyioulos@firstbhph.com> References: <003f01c62787$c3f61370$0200a8c0@satellite> <002b01c6281b$79cb1c20$0200a8c0@satellite> <43E2414A.90901@ecs.soton.ac.uk> <200602021242.34319.dyioulos@firstbhph.com> Message-ID: <43E24649.4000105@ecs.soton.ac.uk> Dimitri Yioulos wrote: > Julian, > > I hope this isn't a totally lame question, but can the directives "Is > Definitely Not Spam" and Is Definitely Not Spam" take more than one argument > (point to multiple sources? Here's why: > You can do From: friend@nicesite.com and 152.34. yes into a ruleset. Does that help? If not, I don't quite understand what you are getting at. > I have one colleague who emails me regularly from outside our system. His > mail is marked as spam (listed in RBL, although his ISP doesn't seem to show > up in RBLs). I want to whitelist him/exclude him from being scanned. I'm > using SQLWhiteBlackList.pm, and it works for individual ip addresses. I also > added a tweak to white/blacklist addresses based on the first three address > octets, but I'm not sure it that works. As my colleague's ISP uses several > mail servers to send his mail, it's problematic to try and add every possible > mail server address to the whitelist. I've tried adding his email address > and our domain to the whitelist, but that doesn't seem to work. I also > created a file in the MailScanner rules dir called scan.messages.rules, added > him, and set Scan Messages = %rules_dir%/scan.messages.rules in MailScanner, > but no joy. > > How do I accomplish this? > > Regards, > > Dimitri > > PS - I cross-posted this to the Mailwatch list because I wasn't sure which was > appropriate - apologies if I boo-booed. > > > On Thursday February 02 2006 12:28 pm, Julian Field wrote: > >> There is code to do this in CustomConfig.pm in >> /usr/lib/MailScanner/MailScanner. There is documentation in there that >> will tell you how to enable the code and how to set everything up for >> it. Look for the Per-Domain whitelist and blacklist code and you'll find >> it, there is code in the same file for other add-on features as well. >> >> If you have trouble setting it up or getting it basically working, then >> give me a shout (possibly on IRC) and I'll try to help where I can. >> >> It's not hard, you don't have to write any code or anything to make it >> all work >> >> :-) >> >> Dave wrote: >> >>> Hi Julian, >>> Thanks for your reply. I haven't had a moment yet to check out that >>> boxes mailscanner.conf except except just a quick overview of the >>> mta-specific settings. Can the spam whitelists and blacklists be used >>> on a perdomain basis? For example, i've got domain1.com and >>> domain2.com. The user at domain1.com wants a user added to his spam >>> whitelist while the user at domain2.com wants a spammer added to his >>> spam blacklist. Ideally i believe these users at domain 1 and 2 .com >>> want independent lists. >>> Thanks a lot. >>> Dave. >>> >>> ----- Original Message ----- From: "Julian Field" >>> >>> To: "MailScanner discussion" >>> Sent: Thursday, February 02, 2006 4:09 AM >>> Subject: Re: mailscanner and perdomain white and blacklists >>> >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> >>>> On 1 Feb 2006, at 23:32, Dave wrote: >>>> >>>>> Hello, >>>>> I've got a mailscanner install with sendmail. It's working fine >>>>> and it's working for multiple users. Now i'm getting requests from >>>>> user a to add a username/domain to a blacklist file and user b to >>>>> add another username/domain to a whitelist file. These i'm thinking >>>>> should be separate as they are separate domains. This is on an fc4 >>>>> box. Is this doable, any help appreciated. >>>>> Thanks. >>>>> Dave. >>>>> >>>> Blacklist or whitelist in what sense? You basically just need a >>>> couple of rulesets, one for your blacklist and one for your >>>> whitelist. There is already a spam.whitelist.rules which you can use >>>> as a sample from which to create and use a spam.blacklist.rules file. >>>> Look in MailScanner.conf for spam.whitelist.rules and you will see >>>> how to refer a setting to a rules file. >>>> - -- Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> >>>> -----BEGIN PGP SIGNATURE----- >>>> Version: PGP Desktop 9.0.4 (Build 4042) >>>> >>>> iQEVAwUBQ+HMSPw32o+k+q+hAQFcjgf/b7C67K+nPF2k5yRxvHN4rmRhxSQuV+Eo >>>> ALqzDcgMPMNSnHGBTC2S0C+XPgzx0Fa3RIMzw7vMIHDuL6O5Gme4C2Hco4B6+taX >>>> vKISOpZ3mWI0HVWPYfytXBZwCBYG0MJBrIXDOr5pH/+R2HRxfQ0UGRkt63nojNiH >>>> D668v55qOGNMjxGx0JR9qLJNQhxtFaGMBvmZ8D5j74B1H+UX/yhL15hXgvST1lyO >>>> rQgiX+Fmc4ZIFhgc6G362AC5iSIh2ebXrYnyo9mt2Jdzu2KTScZjR7A0xKiPWOf5 >>>> uVmaHMRFV8TVe+068DKrdpnT0l9BDGuwW1aFznE5vAk2hCL3rz6jTA== >>>> =2N0u >>>> -----END PGP SIGNATURE----- >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dnsadmin at 1bigthink.com Thu Feb 2 17:56:28 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Thu Feb 2 17:56:35 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: <223f97700602011640o2eea2318y@mail.gmail.com> <43E1596B.40101@evi-inc.com> <6.2.3.4.0.20060202105138.0abb6248@mxt.1bigthink.com> Message-ID: <6.2.3.4.0.20060202125523.07bbbd60@mxt.1bigthink.com> At 12:02 PM 2/2/2006, you wrote: >dnsadmin 1bigthink.com spake the following on 2/2/2006 8:08 AM: > > At 07:59 PM 2/1/2006, you wrote: > > > >> Glenn Steen wrote: > >> > On 01/02/06, Richard Edge wrote: > >> >> If I change the line: > >> >> > >> >> Score ALL_TRUSTED 0 > >> >> > >> >> To: > >> >> > >> >> core ALL_TRUSTED > >> >> > >> >> Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint" > >> >> gives me a: > >> >> > >> >> [22778] warn: config: failed to parse line, skipping: core > >> ALL_TRUSTED 0 > >> >> [22778] warn: lint: 1 issues detected, please rerun with debug enabled > >> >> for more information > >> >> > >> > > >> > Um, does it carp if you don't specify "-p /etc/mail/mailscanner.cf " > >> > too? You shouldn't need use it as a preference file >> > straws:-)> anymore, since it should be part of the site rules... A > >> > plain "spamassassin --lint" should suffice. > >> > > >> > >> Erm, what on earth is mailscanner.cf doing in /etc/mail/?? > >> > >> it belongs in /etc/mail/spamassassin or /etc/spamassassin, or some other > >> directory containing the word "spamassassin" depending on how your SA > >> is configured. > >> > >> Realistically you should *NEVER*, EVER under any condition use -p to > >> point to > >> any site-level file. It should only point to a user level file. > >> > >> Mailscanner.cf is NOT a user level file. > >> > >> The whole reason mailscanner.cf was created was to ensure it was NOT > >> used as a > >> user prefs file. mailscanner.cf contains options that are ONLY valid > >> at the > >> site-wide level. Do NOT pass this -p. It belongs in the SA site-config > >> directory > >> so SA always parses it, and to make sure that SA correctly parses it. > >> > >> If it's not in the site config directory, SA won't parse it when > >> mailscanner runs. > >> > >> New versions of Mailscanner do NOT pass mailscanner.cf as a user prefs > >> file, > >> thus by adding -p you are changing the behavior of spamassassin to be > >> different > >> than what Mailscanner does with it. > >> > >> I know this is contrary to how old versions of MS worked. In old > >> versions, > >> spam.assassin.prefs.conf was passed as a user_prefs replacement. > >> However, This > >> file kept pushing options in which are only valid at the site level. > >> It also > >> pushed options such as bayes_path which need to be passed to all > >> instances of sa > >> on the system, such as sa-learn. > >> > >> After some prodding, Julian finally created MailScanner.cf, a file to > >> be placed > >> alongside local.cf and other site-wide config files. This way any call > >> to SA > >> automatically parses this file. > >> > > > > This is what got my pulse going yesterday and prompted me to join the > > thread! This plopped into my personal mail address and the only reason > > it did not get tagged was due to the ALL_TRUSTED rule. > > > > Subject: [#yruxdjtp] Shaved Teen Bending from Over & Showing Upskirt > > Movies > > MIME-Version: 1.0 > > Content-Type: text/plain; charset="iso-8859-1" > > Content-Transfer-Encoding: 7bit > > > > X-1bigthink.com-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.917, > > required 5, ALL_TRUSTED -3.30, BAYES_50 0.00, HOT_NASTY 0.09, > > SARE_ADULT2 1.67, URIBL_JP_SURBL 4.00, URIBL_WS_SURBL 1.46) > > > > I operate on Sprint public IP space that is not NAT'd. I am priviledged > > to answer my own PTR - RDNS. No gateway. > > > > I do not have any trusted hosts defined. Here is the output of my ' > > spamassassin --lint -D' > > > > debug: SpamAssassin version 3.0.3 > > debug: Score set 0 chosen. > > debug: running in taint mode? yes > > debug: Running in taint mode, removing unsafe env vars, and resetting PATH > > debug: PATH included '/usr/kerberos/sbin', keeping. > > debug: PATH included '/usr/kerberos/bin', keeping. > > debug: PATH included '/usr/local/sbin', keeping. > > debug: PATH included '/usr/local/bin', keeping. > > debug: PATH included '/sbin', keeping. > > debug: PATH included '/bin', keeping. > > debug: PATH included '/usr/sbin', keeping. > > debug: PATH included '/usr/bin', keeping. > > debug: PATH included '/usr/X11R6/bin', keeping. > > debug: PATH included '/root/bin', which doesn't exist, dropping. > > debug: Final PATH set to: > > > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin > > > > debug: diag: module installed: DBI, version 1.32 > > debug: diag: module installed: DB_File, version 1.810 > > debug: diag: module installed: Digest::SHA1, version 2.10 > > debug: diag: module installed: IO::Socket::UNIX, version 1.2 > > debug: diag: module installed: MIME::Base64, version 2.12 > > debug: diag: module installed: Net::DNS, version 0.48 > > debug: diag: module not installed: Net::LDAP ('require' failed) > > debug: diag: module not installed: Razor2::Client::Agent ('require' failed) > > debug: diag: module installed: Storable, version 2.06 > > debug: diag: module installed: URI, version 1.35 > > debug: ignore: using a test message to lint rules > > debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre > > debug: config: read file /etc/mail/spamassassin/init.pre > > debug: using "/usr/share/spamassassin" for default rules dir > > debug: config: read file /usr/share/spamassassin/10_misc.cf > > debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf > > debug: config: read file /usr/share/spamassassin/20_body_tests.cf > > debug: config: read file /usr/share/spamassassin/20_compensate.cf > > debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > > debug: config: read file /usr/share/spamassassin/20_drugs.cf > > debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > > debug: config: read file /usr/share/spamassassin/20_head_tests.cf > > debug: config: read file /usr/share/spamassassin/20_html_tests.cf > > debug: config: read file /usr/share/spamassassin/20_meta_tests.cf > > debug: config: read file /usr/share/spamassassin/20_phrases.cf > > debug: config: read file /usr/share/spamassassin/20_porn.cf > > debug: config: read file /usr/share/spamassassin/20_ratware.cf > > debug: config: read file /usr/share/spamassassin/20_uri_tests.cf > > debug: config: read file /usr/share/spamassassin/23_bayes.cf > > debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf > > debug: config: read file /usr/share/spamassassin/25_hashcash.cf > > debug: config: read file /usr/share/spamassassin/25_spf.cf > > debug: config: read file /usr/share/spamassassin/25_uribl.cf > > debug: config: read file /usr/share/spamassassin/30_text_de.cf > > debug: config: read file /usr/share/spamassassin/30_text_fr.cf > > debug: config: read file /usr/share/spamassassin/30_text_nl.cf > > debug: config: read file /usr/share/spamassassin/30_text_pl.cf > > debug: config: read file /usr/share/spamassassin/50_scores.cf > > debug: config: read file /usr/share/spamassassin/60_whitelist.cf > > debug: using "/etc/mail/spamassassin" for site rules dir > > debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_header.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_header0.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_header1.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_html.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_html0.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_html1.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_random.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_uri0.cf > > debug: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf > > debug: config: read file > > /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf > > debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf > > debug: config: read file /etc/mail/spamassassin/local.cf > > debug: config: read file /etc/mail/spamassassin/tripwire.cf > > debug: using "/root/.spamassassin" for user state dir > > debug: using "/root/.spamassassin/user_prefs" for user prefs file > > debug: config: read file /root/.spamassassin/user_prefs > > debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > > debug: plugin: registered > > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > > debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > > debug: plugin: registered > > Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168) > > debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > > debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78) > > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > > implements 'parse_config' > > debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168) > > implements 'parse_config' > > debug: using "/root/.spamassassin" for user state dir > > debug: bayes: 28513 tie-ing to DB file R/O /root/.spamassassin/bayes_toks > > debug: bayes: 28513 tie-ing to DB file R/O /root/.spamassassin/bayes_seen > > debug: bayes: found bayes db version 3 > > debug: using "/root/.spamassassin" for user state dir > > debug: Score set 3 chosen. > > debug: ---- MIME PARSER START ---- > > debug: main message type: text/plain > > debug: parsing normal part > > debug: added part, type: text/plain > > debug: ---- MIME PARSER END ---- > > debug: metadata: X-Spam-Relays-Trusted: > > debug: metadata: X-Spam-Relays-Untrusted: > > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > > implements 'parsed_metadata' > > debug: is Net::DNS::Resolver available? yes > > debug: Net::DNS version: 0.48 > > debug: trying (3) gmx.net... > > debug: looking up NS for 'gmx.net' > > debug: NS lookup of gmx.net succeeded => Dns available (set > > dns_available to hardcode) > > debug: is DNS available? 1 > > debug: decoding: no encoding detected > > debug: URIDNSBL: domains to query: > > debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org > > debug: Running tests for priority: 0 > > debug: running header regexp tests; score so far=0 > > debug: registering glue method for check_hashcash_double_spend > > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168)) > > debug: registering glue method for check_for_spf_helo_pass > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > > debug: SPF: message was delivered entirely via trusted relays, not required > > debug: registering glue method for check_hashcash_value > > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168)) > > debug: all '*To' addrs: > > debug: registering glue method for check_for_spf_softfail > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > > debug: SPF: message was delivered entirely via trusted relays, not required > > debug: registering glue method for check_for_spf_pass > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > > debug: registering glue method for check_for_spf_helo_softfail > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > > debug: registering glue method for check_for_spf_fail > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > > debug: registering glue method for check_for_spf_helo_fail > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > > debug: running body-text per-line regexp tests; score so far=-3.174 > > debug: running uri tests; score so far=-3.174 > > debug: registering glue method for check_uridnsbl > > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)) > > debug: bayes corpus size: nspam = 4620, nham = 408 > > debug: tokenize: header tokens for *F = "U*ignore > > D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org > > D*org" > > debug: tokenize: header tokens for *m = " 1138895936 lint_rules " > > debug: tokenize: header tokens for *RT = " " > > debug: tokenize: header tokens for *RU = " " > > debug: bayes token 'body' => 0.946350853491789 > > debug: bayes token 'H*Ad:D*org' => 0.0946204880029939 > > debug: bayes: score = 0.429821922703648 > > debug: bayes: 28513 untie-ing > > debug: bayes: 28513 untie-ing db_toks > > debug: bayes: 28513 untie-ing db_seen > > debug: Razor2 is not available > > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > > implements 'check_tick' > > debug: running raw-body-text per-line regexp tests; score so far=-3.173 > > debug: running full-text regexp tests; score so far=-3.173 > > debug: Razor2 is not available > > debug: Current PATH is: > > > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin > > > > debug: Pyzor is not available: pyzor not found > > debug: DCCifd is not available: no r/w dccifd socket found. > > debug: DCC is not available: no executable dccproc found. > > debug: Running tests for priority: 500 > > debug: RBL: success for 1 of 1 queries > > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > > implements 'check_post_dnsbl' > > debug: running meta tests; score so far=-3.173 > > debug: running header regexp tests; score so far=-1.947 > > debug: running body-text per-line regexp tests; score so far=-1.947 > > debug: running uri tests; score so far=-1.947 > > debug: running raw-body-text per-line regexp tests; score so far=-1.947 > > debug: running full-text regexp tests; score so far=-1.947 > > debug: Running tests for priority: 1000 > > debug: running meta tests; score so far=-1.947 > > debug: running header regexp tests; score so far=-1.947 > > debug: using "/root/.spamassassin" for user state dir > > debug: lock: 28513 created > > /root/.spamassassin/auto-whitelist.lock.mxt.1bigthink.com.28513 > > debug: lock: 28513 trying to get lock on > > /root/.spamassassin/auto-whitelist with 0 retries > > debug: lock: 28513 link to /root/.spamassassin/auto-whitelist.lock: link ok > > debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist > > debug: auto-whitelist (db-based): > > ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 > > debug: AWL active, pre-score: -1.947, autolearn score: -1.947, mean: > > undef, IP: undef > > debug: DB addr list: untie-ing and unlocking. > > debug: DB addr list: file locked, breaking lock. > > debug: unlock: 28513 unlink /root/.spamassassin/auto-whitelist.lock > > debug: Post AWL score: -1.947 > > debug: running body-text per-line regexp tests; score so far=-1.947 > > debug: running uri tests; score so far=-1.947 > > debug: running raw-body-text per-line regexp tests; score so far=-1.947 > > debug: running full-text regexp tests; score so far=-1.947 > > debug: is spam? score=-1.947 required=4.57 > > debug: > > tests=ALL_TRUSTED,BAYES_50,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME > > debug: > > > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID > > > > > > Any advice greatly appreciated. Comments to the effect that this > > messagewas a fluke at getting by would be acceptable at this point too. > > I think I do understand the issue a lot better, now. > > > > Thanks, > > Glenn Parsons >Have you considered upgrading to spamassassin 3.1.0? >Maybe a munged file in spamassassin, and the upgrade might kick it into >submission. > I intended to upgrade SpamAssassin with MailScanner 4.50 this weekend. Glenn Parsons From dyioulos at firstbhph.com Thu Feb 2 18:04:56 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu Feb 2 18:05:00 2006 Subject: mailscanner and perdomain white and blacklists In-Reply-To: <43E24649.4000105@ecs.soton.ac.uk> References: <003f01c62787$c3f61370$0200a8c0@satellite> <200602021242.34319.dyioulos@firstbhph.com> <43E24649.4000105@ecs.soton.ac.uk> Message-ID: <200602021304.56736.dyioulos@firstbhph.com> Sorry for the apparent lack of clarity. As I said, I'm using Mailwatch's SQLBlackWhiteList.pm, so my MailScanner.Conf "Is Definitely Not Spam = &SQLWhitelist" and "Is Definitely Spam = &SQLBlacklist". Without cauisng MS to barf , can I do something like: Is Definitely Not Spam = &SQLWhitelist %rules-dir/spam.whitelist.rules or Is Definitely Not Spam = &SQLWhitelist Is Definitely Not Spam = %rules-dir/spam.whitelist.rules If not, how do I continue to use SQLBlackWhiteList.pm and "supplement" it with another whitelist? Dimitri On Thursday February 02 2006 12:50 pm, Julian Field wrote: > Dimitri Yioulos wrote: > > Julian, > > > > I hope this isn't a totally lame question, but can the directives "Is > > Definitely Not Spam" and Is Definitely Not Spam" take more than one > > argument (point to multiple sources? Here's why: > > You can do > From: friend@nicesite.com and 152.34. yes > into a ruleset. > > Does that help? > If not, I don't quite understand what you are getting at. > > > I have one colleague who emails me regularly from outside our system. > > His mail is marked as spam (listed in RBL, although his ISP doesn't seem > > to show up in RBLs). I want to whitelist him/exclude him from being > > scanned. I'm using SQLWhiteBlackList.pm, and it works for individual ip > > addresses. I also added a tweak to white/blacklist addresses based on > > the first three address octets, but I'm not sure it that works. As my > > colleague's ISP uses several mail servers to send his mail, it's > > problematic to try and add every possible mail server address to the > > whitelist. I've tried adding his email address and our domain to the > > whitelist, but that doesn't seem to work. I also created a file in the > > MailScanner rules dir called scan.messages.rules, added him, and set Scan > > Messages = %rules_dir%/scan.messages.rules in MailScanner, but no joy. > > > > How do I accomplish this? > > > > Regards, > > > > Dimitri > > > > PS - I cross-posted this to the Mailwatch list because I wasn't sure > > which was appropriate - apologies if I boo-booed. > > > > On Thursday February 02 2006 12:28 pm, Julian Field wrote: > >> There is code to do this in CustomConfig.pm in > >> /usr/lib/MailScanner/MailScanner. There is documentation in there that > >> will tell you how to enable the code and how to set everything up for > >> it. Look for the Per-Domain whitelist and blacklist code and you'll find > >> it, there is code in the same file for other add-on features as well. > >> > >> If you have trouble setting it up or getting it basically working, then > >> give me a shout (possibly on IRC) and I'll try to help where I can. > >> > >> It's not hard, you don't have to write any code or anything to make it > >> all work > >> > >> :-) > >> > >> Dave wrote: > >>> Hi Julian, > >>> Thanks for your reply. I haven't had a moment yet to check out that > >>> boxes mailscanner.conf except except just a quick overview of the > >>> mta-specific settings. Can the spam whitelists and blacklists be used > >>> on a perdomain basis? For example, i've got domain1.com and > >>> domain2.com. The user at domain1.com wants a user added to his spam > >>> whitelist while the user at domain2.com wants a spammer added to his > >>> spam blacklist. Ideally i believe these users at domain 1 and 2 .com > >>> want independent lists. > >>> Thanks a lot. > >>> Dave. > >>> > >>> ----- Original Message ----- From: "Julian Field" > >>> > >>> To: "MailScanner discussion" > >>> Sent: Thursday, February 02, 2006 4:09 AM > >>> Subject: Re: mailscanner and perdomain white and blacklists > >>> > >>>> -----BEGIN PGP SIGNED MESSAGE----- > >>>> > >>>> On 1 Feb 2006, at 23:32, Dave wrote: > >>>>> Hello, > >>>>> I've got a mailscanner install with sendmail. It's working fine > >>>>> and it's working for multiple users. Now i'm getting requests from > >>>>> user a to add a username/domain to a blacklist file and user b to > >>>>> add another username/domain to a whitelist file. These i'm thinking > >>>>> should be separate as they are separate domains. This is on an fc4 > >>>>> box. Is this doable, any help appreciated. > >>>>> Thanks. > >>>>> Dave. > >>>> > >>>> Blacklist or whitelist in what sense? You basically just need a > >>>> couple of rulesets, one for your blacklist and one for your > >>>> whitelist. There is already a spam.whitelist.rules which you can use > >>>> as a sample from which to create and use a spam.blacklist.rules file. > >>>> Look in MailScanner.conf for spam.whitelist.rules and you will see > >>>> how to refer a setting to a rules file. > >>>> - -- Julian Field > >>>> www.MailScanner.info > >>>> Buy the MailScanner book at www.MailScanner.info/store > >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>>> > >>>> > >>>> -----BEGIN PGP SIGNATURE----- > >>>> Version: PGP Desktop 9.0.4 (Build 4042) > >>>> > >>>> iQEVAwUBQ+HMSPw32o+k+q+hAQFcjgf/b7C67K+nPF2k5yRxvHN4rmRhxSQuV+Eo > >>>> ALqzDcgMPMNSnHGBTC2S0C+XPgzx0Fa3RIMzw7vMIHDuL6O5Gme4C2Hco4B6+taX > >>>> vKISOpZ3mWI0HVWPYfytXBZwCBYG0MJBrIXDOr5pH/+R2HRxfQ0UGRkt63nojNiH > >>>> D668v55qOGNMjxGx0JR9qLJNQhxtFaGMBvmZ8D5j74B1H+UX/yhL15hXgvST1lyO > >>>> rQgiX+Fmc4ZIFhgc6G362AC5iSIh2ebXrYnyo9mt2Jdzu2KTScZjR7A0xKiPWOf5 > >>>> uVmaHMRFV8TVe+068DKrdpnT0l9BDGuwW1aFznE5vAk2hCL3rz6jTA== > >>>> =2N0u > >>>> -----END PGP SIGNATURE----- > >>>> > >>>> -- > >>>> This message has been scanned for viruses and > >>>> dangerous content by MailScanner, and is > >>>> believed to be clean. > >>>> > >>>> -- > >>>> MailScanner mailing list > >>>> mailscanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >> > >> -- > >> Julian Field > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> Professional Support Services at www.MailScanner.biz > >> MailScanner thanks transtec Computers for their support > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lhaig at haigmail.com Thu Feb 2 18:09:24 2006 From: lhaig at haigmail.com (Lance Haig) Date: Thu Feb 2 18:09:29 2006 Subject: Downloading the latest update :-) In-Reply-To: <77EB9F6B-9FC6-48BE-B4CD-DD5BF130880F@ecs.soton.ac.uk> References: <43E12132.5060402@haigmail.com> <43E1293C.5020503@ecs.soton.ac.uk> <43E12D2E.2070106@haigmail.com> <77EB9F6B-9FC6-48BE-B4CD-DD5BF130880F@ecs.soton.ac.uk> Message-ID: <43E24AD4.7050108@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Julian, I checked the file and the problem was a space instead of a tab I fixed that and now the error about line 19 is gone Lance Julian Field wrote: > On 1 Feb 2006, at 21:50, Lance Haig wrote: > >>> * PGP Signed by an unknown key: 02/01/06 at 21:50:38 >>> >>> I have an error in my Mailscanner --lint command >>> >>> mailhost:~ # MailScanner --lint >>> Possible syntax error on line 19 of /etc/MailScanner/ >>> filename.rules.conf >>> at /usr/lib/MailScanner/MailScanner/Config.pm line 1274 >>> Remember to separate fields with tab characters! at >>> /usr/lib/MailScanner/MailScanner/Config.pm line 1276 >>> Read 710 hostnames from the phishing whitelist >>> Config: calling custom init function SQLBlacklist >>> Config: calling custom init function MailWatchLogging >>> Config: calling custom init function SQLWhitelist >>> Checking SpamAssassin errors (if you use it), this may take some >>> time... >>> Using SpamAssassin results cache >>> Connected to SpamAssassin cache database >>> SpamAssassin reported no errors. >>> >>> MailScanner.conf says "Virus Scanners = clamavmodule bitdefender" >>> Found these virus scanners installed: bitdefender, clamavmodule >>> >>> I have checked the file and all fields are seperated by tabs so I am a >>> bit confused. >>> >>> Can anyone shed some light? > > Exactly what does line 19 of that file say? > >>> Lance >>> >>> Julian Field wrote: >>>> Lance Haig wrote: >>>>> Is it easier to download the SA clam package from Julians site to >>>>> update >>>>> clam or would it be better to just update clam from the clam site? >>>>> >>>>> I don't want to lose the clamavmodule part of the install as I >>>>> have had >>>>> problems installing it in the past. >>>>> >>>>> I have SA 3.1 and Clamav 87 on suse 9.3 >>>>> >>>> I would do my package. It will upgrade Clam then rebuild Mail::ClamAV >>>> and link it against the Clam it just built. >>>> More reliable in my view. >>>> >>>> I don't like building perl modules that call C libraries without >>>> knowing >>>> I had the latest C library when it was linked together. >>>> >>> * Unknown Key >>> * 0x8059EB58 (L) >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4krUM4kHBIBZ61gRAhQWAKCAP+VjvfaQF2eOLBShTE93zDhe6ACgliaW Q3T0XDA0RJ3/c3pGamRv9S4= =+uSf -----END PGP SIGNATURE----- From lhaig at haigmail.com Thu Feb 2 18:12:12 2006 From: lhaig at haigmail.com (Lance Haig) Date: Thu Feb 2 18:12:16 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: References: <43E1382D.8010603@haigmail.com> Message-ID: <43E24B7C.6020908@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Julian, this is where it stops Thanks Lance [7877] dbg: rules: running body-text per-line regexp tests; score so far=2.906 [7877] dbg: uri: running uri tests; score so far=2.906 [7877] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.906 [7877] dbg: rules: running full-text regexp tests; score so far=2.906 [7877] dbg: check: is spam? score=2.906 required=5 [7877] dbg: check: tests=MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [7877] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID [7877] dbg: bayes: untie-ing [7877] dbg: bayes: untie-ing db_toks [7877] dbg: bayes: untie-ing db_seen Julian Field wrote: > > On 1 Feb 2006, at 22:37, Lance Haig wrote: > >>> * PGP Signed by an unknown key: 02/01/06 at 22:37:33 >>> >>> I have a problem after upgrading. >>> >>> My MS is very slow processing mail. I have sent test text messages to >>> the system and they take between 28 to 31 seconds to process >>> >>> here is a snippet of the log Can anyone lead me in the right direction >>> to see why this is so low? > > I would suspect a SpamAssassin problem. > Run > MailScanner --debug --debug-sa > and see if it pauses anywhere at all. > >>> Thanks >>> >>> Lance >>> >>> Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Found 2 >>> messages >>> waiting >>> Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Scanning 1 >>> messages, 2009 bytes >>> Feb 1 22:56:27 mailhost MailScanner[2384]: Spam Checks: Starting >>> Feb 1 22:56:54 mailhost MailScanner[2384]: Virus and Content >>> Scanning: >>> Starting >>> Feb 1 22:56:55 mailhost MailScanner[2384]: Uninfected: Delivered 1 >>> messages >>> Feb 1 22:56:55 mailhost MailScanner[2384]: Batch processed in >>> 27.65 seconds >>> Feb 1 22:56:55 mailhost MailScanner[2384]: Logging message >>> k11MuMV5003084 to SQL >>> Feb 1 22:56:55 mailhost MailScanner[2384]: "Always Looked Up Last" >>> took >>> 0.00 seconds >>> Feb 1 22:56:55 mailhost sendmail[3114]: k11MuMV5003084: >>> to=, delay=00:00:28, xdelay=00:00:00, >>> mailer=esmtp, pri=121508, relay=[194.143.190.32] [194.143.190.32], >>> dsn=2.0.0, stat=Sent (OK) >>> Feb 1 22:56:55 mailhost MailScanner[26335]: k11MuMV5003084: Logged to >>> MailWatch SQL >>> Feb 1 22:56:56 mailhost MailScanner[2292]: Virus and Content >>> Scanning: >>> Starting >>> Feb 1 22:56:58 mailhost MailScanner[2292]: Uninfected: Delivered 1 >>> messages >>> Feb 1 22:56:58 mailhost MailScanner[2292]: Batch processed in >>> 34.43 seconds >>> Feb 1 22:56:58 mailhost MailScanner[2292]: Logging message >>> k11MuM6S003085 to SQL >>> Feb 1 22:56:58 mailhost MailScanner[2292]: "Always Looked Up Last" >>> took >>> 0.00 seconds >>> Feb 1 22:56:58 mailhost MailScanner[26335]: k11MuM6S003085: Logged to >>> MailWatch SQL >>> Feb 1 22:56:59 mailhost sendmail[3122]: k11MuM6S003085: >>> to=, delay=00:00:37, xdelay=00:00:01, >>> mailer=esmtp, >>> pri=121504, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, >>> stat=Sent (OK) >>> Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: >>> from=, size=4772, >>> class=-30, >>> nrcpts=1, msgid=<43E12E21.7080002@noacon.com>, proto=ESMTP, >>> daemon=MTA, >>> relay=bkserver.blacknight.ie [83.98.166.45] >>> Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: >>> to=, delay=00:00:00, mailer=esmtp, pri=88772, >>> stat=queued >>> Feb 1 22:57:19 mailhost MailScanner[993]: New Batch: Scanning 1 >>> messages, 5347 bytes >>> Feb 1 22:57:19 mailhost MailScanner[993]: Spam Checks: Starting >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> spam >>> in language translation file /etc/MailScanner/reports/en/ >>> languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> notspam in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Whitelist refresh time >>> reached >>> Feb 1 22:57:19 mailhost MailScanner[993]: Starting up SQL Whitelist >>> Feb 1 22:57:19 mailhost MailScanner[993]: Read 8 whitelist entries >>> Feb 1 22:57:19 mailhost MailScanner[993]: Message k11MvIXH003138 from >>> 83.98.166.45 (mailscanner-bounces@lists.mailscanner.info) is >>> whitelisted >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> mailscanner in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> unreadablearchive in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> passwordedarchive in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> archivetoodeep in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Virus and Content Scanning: >>> Starting >>> Feb 1 22:57:20 mailhost MailScanner[993]: Looked up unknown string >>> mailscanner in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:20 mailhost MailScanner[993]: Uninfected: Delivered 1 >>> messages >>> Feb 1 22:57:20 mailhost MailScanner[993]: Batch processed in 1.31 >>> seconds >>> Feb 1 22:57:20 mailhost MailScanner[993]: Logging message >>> k11MvIXH003138 to SQL >>> Feb 1 22:57:20 mailhost MailScanner[993]: "Always Looked Up Last" >>> took >>> 0.00 seconds >>> Feb 1 22:57:20 mailhost MailScanner[26335]: k11MvIXH003138: Logged to >>> MailWatch SQL >>> Feb 1 22:57:20 mailhost sendmail[3147]: k11MvIXH003138: >>> to=, delay=00:00:02, xdelay=00:00:00, >>> mailer=esmtp, >>> pri=178772, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, >>> stat=Sent (OK) >>> >>> * Unknown Key >>> * 0x8059EB58 (L) >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4kt8M4kHBIBZ61gRApLpAJ9S7YmVvHcUVtUlH9USw3hzWoMQCACfX8s6 xpYM9EZOT3t3LRM3hWawolY= =wY+S -----END PGP SIGNATURE----- From ssilva at sgvwater.com Thu Feb 2 18:18:34 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 2 18:19:00 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: <43E1382D.8010603@haigmail.com> References: <43E1382D.8010603@haigmail.com> Message-ID: Lance Haig spake the following on 2/1/2006 2:37 PM: > I have a problem after upgrading. > > My MS is very slow processing mail. I have sent test text messages to > the system and they take between 28 to 31 seconds to process > > here is a snippet of the log Can anyone lead me in the right direction > to see why this is so low? > > Thanks > > Lance > > Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Found 2 messages > waiting > Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Scanning 1 > messages, 2009 bytes > Feb 1 22:56:27 mailhost MailScanner[2384]: Spam Checks: Starting > Feb 1 22:56:54 mailhost MailScanner[2384]: Virus and Content Scanning: > Starting > Feb 1 22:56:55 mailhost MailScanner[2384]: Uninfected: Delivered 1 messages > Feb 1 22:56:55 mailhost MailScanner[2384]: Batch processed in 27.65 seconds > Feb 1 22:56:55 mailhost MailScanner[2384]: Logging message > k11MuMV5003084 to SQL > Feb 1 22:56:55 mailhost MailScanner[2384]: "Always Looked Up Last" took > 0.00 seconds > Feb 1 22:56:55 mailhost sendmail[3114]: k11MuMV5003084: > to=, delay=00:00:28, xdelay=00:00:00, > mailer=esmtp, pri=121508, relay=[194.143.190.32] [194.143.190.32], > dsn=2.0.0, stat=Sent (OK) > Feb 1 22:56:55 mailhost MailScanner[26335]: k11MuMV5003084: Logged to > MailWatch SQL > Feb 1 22:56:56 mailhost MailScanner[2292]: Virus and Content Scanning: > Starting > Feb 1 22:56:58 mailhost MailScanner[2292]: Uninfected: Delivered 1 messages > Feb 1 22:56:58 mailhost MailScanner[2292]: Batch processed in 34.43 seconds > Feb 1 22:56:58 mailhost MailScanner[2292]: Logging message > k11MuM6S003085 to SQL > Feb 1 22:56:58 mailhost MailScanner[2292]: "Always Looked Up Last" took > 0.00 seconds > Feb 1 22:56:58 mailhost MailScanner[26335]: k11MuM6S003085: Logged to > MailWatch SQL > Feb 1 22:56:59 mailhost sendmail[3122]: k11MuM6S003085: > to=, delay=00:00:37, xdelay=00:00:01, mailer=esmtp, > pri=121504, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, > stat=Sent (OK) > Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: > from=, size=4772, class=-30, > nrcpts=1, msgid=<43E12E21.7080002@noacon.com>, proto=ESMTP, daemon=MTA, > relay=bkserver.blacknight.ie [83.98.166.45] > Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: > to=, delay=00:00:00, mailer=esmtp, pri=88772, > stat=queued > Feb 1 22:57:19 mailhost MailScanner[993]: New Batch: Scanning 1 > messages, 5347 bytes > Feb 1 22:57:19 mailhost MailScanner[993]: Spam Checks: Starting > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string spam > in language translation file /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > notspam in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Whitelist refresh time reached > Feb 1 22:57:19 mailhost MailScanner[993]: Starting up SQL Whitelist > Feb 1 22:57:19 mailhost MailScanner[993]: Read 8 whitelist entries > Feb 1 22:57:19 mailhost MailScanner[993]: Message k11MvIXH003138 from > 83.98.166.45 (mailscanner-bounces@lists.mailscanner.info) is whitelisted > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > mailscanner in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > unreadablearchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > passwordedarchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > archivetoodeep in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Virus and Content Scanning: > Starting > Feb 1 22:57:20 mailhost MailScanner[993]: Looked up unknown string > mailscanner in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:20 mailhost MailScanner[993]: Uninfected: Delivered 1 messages > Feb 1 22:57:20 mailhost MailScanner[993]: Batch processed in 1.31 seconds > Feb 1 22:57:20 mailhost MailScanner[993]: Logging message > k11MvIXH003138 to SQL > Feb 1 22:57:20 mailhost MailScanner[993]: "Always Looked Up Last" took > 0.00 seconds > Feb 1 22:57:20 mailhost MailScanner[26335]: k11MvIXH003138: Logged to > MailWatch SQL > Feb 1 22:57:20 mailhost sendmail[3147]: k11MvIXH003138: > to=, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, > pri=178772, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, > stat=Sent (OK) One problem I see is either an old or no file /etc/MailScanner/reports/en/languages.conf. See if this is either a 0 length file, or if you have a /etc/MailScanner/reports/en/languages.conf.rpmnew file. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Thu Feb 2 18:21:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 18:21:14 2006 Subject: mailscanner and perdomain white and blacklists In-Reply-To: <200602021304.56736.dyioulos@firstbhph.com> References: <003f01c62787$c3f61370$0200a8c0@satellite> <200602021242.34319.dyioulos@firstbhph.com> <43E24649.4000105@ecs.soton.ac.uk> <200602021304.56736.dyioulos@firstbhph.com> Message-ID: <43E24D98.4060402@ecs.soton.ac.uk> Dimitri Yioulos wrote: > Sorry for the apparent lack of clarity. > > As I said, I'm using Mailwatch's SQLBlackWhiteList.pm, so my MailScanner.Conf > "Is Definitely Not Spam = &SQLWhitelist" and "Is Definitely Spam = > &SQLBlacklist". Without cauisng MS to barf , can I do something like: > > Is Definitely Not Spam = &SQLWhitelist %rules-dir/spam.whitelist.rules > > or > > Is Definitely Not Spam = &SQLWhitelist > Is Definitely Not Spam = %rules-dir/spam.whitelist.rules > > No. > If not, how do I continue to use SQLBlackWhiteList.pm and "supplement" it with > another whitelist? > Without writing a bit of code, you can't. sorry. > Dimitri > > > On Thursday February 02 2006 12:50 pm, Julian Field wrote: > >> Dimitri Yioulos wrote: >> >>> Julian, >>> >>> I hope this isn't a totally lame question, but can the directives "Is >>> Definitely Not Spam" and Is Definitely Not Spam" take more than one >>> argument (point to multiple sources? Here's why: >>> >> You can do >> From: friend@nicesite.com and 152.34. yes >> into a ruleset. >> >> Does that help? >> If not, I don't quite understand what you are getting at. >> >> >>> I have one colleague who emails me regularly from outside our system. >>> His mail is marked as spam (listed in RBL, although his ISP doesn't seem >>> to show up in RBLs). I want to whitelist him/exclude him from being >>> scanned. I'm using SQLWhiteBlackList.pm, and it works for individual ip >>> addresses. I also added a tweak to white/blacklist addresses based on >>> the first three address octets, but I'm not sure it that works. As my >>> colleague's ISP uses several mail servers to send his mail, it's >>> problematic to try and add every possible mail server address to the >>> whitelist. I've tried adding his email address and our domain to the >>> whitelist, but that doesn't seem to work. I also created a file in the >>> MailScanner rules dir called scan.messages.rules, added him, and set Scan >>> Messages = %rules_dir%/scan.messages.rules in MailScanner, but no joy. >>> >>> How do I accomplish this? >>> >>> Regards, >>> >>> Dimitri >>> >>> PS - I cross-posted this to the Mailwatch list because I wasn't sure >>> which was appropriate - apologies if I boo-booed. >>> >>> On Thursday February 02 2006 12:28 pm, Julian Field wrote: >>> >>>> There is code to do this in CustomConfig.pm in >>>> /usr/lib/MailScanner/MailScanner. There is documentation in there that >>>> will tell you how to enable the code and how to set everything up for >>>> it. Look for the Per-Domain whitelist and blacklist code and you'll find >>>> it, there is code in the same file for other add-on features as well. >>>> >>>> If you have trouble setting it up or getting it basically working, then >>>> give me a shout (possibly on IRC) and I'll try to help where I can. >>>> >>>> It's not hard, you don't have to write any code or anything to make it >>>> all work >>>> >>>> :-) >>>> >>>> Dave wrote: >>>> >>>>> Hi Julian, >>>>> Thanks for your reply. I haven't had a moment yet to check out that >>>>> boxes mailscanner.conf except except just a quick overview of the >>>>> mta-specific settings. Can the spam whitelists and blacklists be used >>>>> on a perdomain basis? For example, i've got domain1.com and >>>>> domain2.com. The user at domain1.com wants a user added to his spam >>>>> whitelist while the user at domain2.com wants a spammer added to his >>>>> spam blacklist. Ideally i believe these users at domain 1 and 2 .com >>>>> want independent lists. >>>>> Thanks a lot. >>>>> Dave. >>>>> >>>>> ----- Original Message ----- From: "Julian Field" >>>>> >>>>> To: "MailScanner discussion" >>>>> Sent: Thursday, February 02, 2006 4:09 AM >>>>> Subject: Re: mailscanner and perdomain white and blacklists >>>>> >>>>> >>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>> >>>>>> On 1 Feb 2006, at 23:32, Dave wrote: >>>>>> >>>>>>> Hello, >>>>>>> I've got a mailscanner install with sendmail. It's working fine >>>>>>> and it's working for multiple users. Now i'm getting requests from >>>>>>> user a to add a username/domain to a blacklist file and user b to >>>>>>> add another username/domain to a whitelist file. These i'm thinking >>>>>>> should be separate as they are separate domains. This is on an fc4 >>>>>>> box. Is this doable, any help appreciated. >>>>>>> Thanks. >>>>>>> Dave. >>>>>>> >>>>>> Blacklist or whitelist in what sense? You basically just need a >>>>>> couple of rulesets, one for your blacklist and one for your >>>>>> whitelist. There is already a spam.whitelist.rules which you can use >>>>>> as a sample from which to create and use a spam.blacklist.rules file. >>>>>> Look in MailScanner.conf for spam.whitelist.rules and you will see >>>>>> how to refer a setting to a rules file. >>>>>> - -- Julian Field >>>>>> www.MailScanner.info >>>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>>> >>>>>> >>>>>> -----BEGIN PGP SIGNATURE----- >>>>>> Version: PGP Desktop 9.0.4 (Build 4042) >>>>>> >>>>>> iQEVAwUBQ+HMSPw32o+k+q+hAQFcjgf/b7C67K+nPF2k5yRxvHN4rmRhxSQuV+Eo >>>>>> ALqzDcgMPMNSnHGBTC2S0C+XPgzx0Fa3RIMzw7vMIHDuL6O5Gme4C2Hco4B6+taX >>>>>> vKISOpZ3mWI0HVWPYfytXBZwCBYG0MJBrIXDOr5pH/+R2HRxfQ0UGRkt63nojNiH >>>>>> D668v55qOGNMjxGx0JR9qLJNQhxtFaGMBvmZ8D5j74B1H+UX/yhL15hXgvST1lyO >>>>>> rQgiX+Fmc4ZIFhgc6G362AC5iSIh2ebXrYnyo9mt2Jdzu2KTScZjR7A0xKiPWOf5 >>>>>> uVmaHMRFV8TVe+068DKrdpnT0l9BDGuwW1aFznE5vAk2hCL3rz6jTA== >>>>>> =2N0u >>>>>> -----END PGP SIGNATURE----- >>>>>> >>>>>> -- >>>>>> This message has been scanned for viruses and >>>>>> dangerous content by MailScanner, and is >>>>>> believed to be clean. >>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> Professional Support Services at www.MailScanner.biz >>>> MailScanner thanks transtec Computers for their support >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Thu Feb 2 18:34:14 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Feb 2 18:34:27 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: <223f97700602011640o2eea2318y@mail.gmail.com> <43E1596B.40101@evi-inc.com> <6.2.3.4.0.20060202105138.0abb6248@mxt.1bigthink.com> Message-ID: <43E250A6.8020706@evi-inc.com> Scott Silva wrote: > dnsadmin 1bigthink.com spake the following on 2/2/2006 8:08 AM: >> At 07:59 PM 2/1/2006, you wrote: >> >> debug: SpamAssassin version 3.0.3 >> Thanks, >> Glenn Parsons > Have you considered upgrading to spamassassin 3.1.0? Or at least upgrade to 3.0.5. All other version of SA 3.0 have MAJOR bugs in the ALL_TRUSTED code. 3.0.5 has a back-port of 3.1.0's algorithm, which deals better with parsing problems. 3.0.0-3.0.4 - ALL_TRUSTED = no untrusted relays. 3.0.5-3.1.0 - ALL_TRUSTED = at least 1 trusted relay, no untrusted relays and no unparseable relays. The version in 3.0.0-3.0.4 will false-fire with ALL_TRUSTED if there are no parseable headers. From mhw at WittsEnd.com Thu Feb 2 18:14:53 2006 From: mhw at WittsEnd.com (Michael H. Warfield) Date: Thu Feb 2 18:51:22 2006 Subject: Attachment Warnings - End of Line Behavior Changed (CR, LF) In-Reply-To: <1138894138.25670.25.camel@lea.nerc-wallingford.ac.uk> References: <6a4915590601301601s5399fd75jabf461d86eaf5d71@mail.gmail.com> <6a4915590602010730t3055651elef164558540cee58@mail.gmail.com> <43E0D70F.9080804@USherbrooke.ca> <1138845529.4025.80.camel@canyon.wittsend.com> <1138894138.25670.25.camel@lea.nerc-wallingford.ac.uk> Message-ID: <1138904093.4030.13.camel@canyon.wittsend.com> On Thu, 2006-02-02 at 15:28 +0000, Greg Matthews wrote: > On Wed, 2006-02-01 at 20:58 -0500, Michael H. Warfield wrote: > > Turns out it's far worse than we imagined. ...... Work in progress... > > > > ITMT... Turn off "Sign Clean Messages". > > > yeegads! theres no way I can turn this option off now that it is > implemented. I was hoping to upgrade MS from 4.45.4 to 4.50.x pretty > soon, looks like this will have to be on hold for a while. Then you will have to suffer with the line ending problem and broken S/MIME and GPG/MIME cryptographic signatures until it's fixed. Pick your poison. You don't get both. I don't have that option. My signatures HAVE TO WORK. > Will the fix be announced here or will I have to monitor a perl mailing > list somewhere? Nope... It's gonna have to be a MailScanner fix. Even when we altered MIME::Tools to return CR/LF, something higher up on the food chain stripped them. That's one problem and specific to this thread. But merely fixing that doesn't fix the rest of the problem. The other problem is in reformating the Mime parts. That's breaking PGP and S/MIME signatures. For example Evolution will format a simple line with a hard return with just that, a hard return (CR/LF), in quoted-printable, and then sign it with GPG. That same line, when it re-encoded by the perl MIME encode_qp routine comes out with the sequence =0A= at the end of each hard line ending. That translates back as a hard return followed by a soft quoted (escaped) return. It does the same thing. Both will decode back to the same text. But it breaks the signatures, because it's the encoded text which is signed. The trouble is, there is no fix for the perl code. It's sloppy (excessive encoding) but not necessarily wrong either. And if you fix it to go the other way, you're broken when the message was encoded by something else using sloppy encoding. Damn if you do and damned if you don't. The only solution is to preserve the encoded text and restore it exactly, if no modifications are made. That's got to be handled at a high level in MailScanner and it's not going to be pretty. Quoted-printable is ambiguous because there are multiple encodings which can decode back to the same canonical text. You have no deterministic manner to reliably recover the original encoded text from the canonical text in rebuilding the quoted-printable attachments. So you have no reliable way to rebuild the attachments from the canonical text and preserve any cryptographic signatures. Game over... > G Mike > > Mike > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060202/d9c9f1b2/attachment.bin From Edge at twu.ca Thu Feb 2 19:08:02 2006 From: Edge at twu.ca (Richard Edge) Date: Thu Feb 2 19:08:40 2006 Subject: ALL_TRUSTED problems Message-ID: In my situation, I am already at SA 3.1.0. Should I try something drastic like uninstalling SA and doing a new install or forcing an install over the existing installation. If so what is the best way to proceed. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: Thursday, February 02, 2006 10:34 AM To: MailScanner discussion Subject: Re: ALL_TRUSTED problems Scott Silva wrote: > dnsadmin 1bigthink.com spake the following on 2/2/2006 8:08 AM: >> At 07:59 PM 2/1/2006, you wrote: >> >> debug: SpamAssassin version 3.0.3 >> Thanks, >> Glenn Parsons > Have you considered upgrading to spamassassin 3.1.0? Or at least upgrade to 3.0.5. All other version of SA 3.0 have MAJOR bugs in the ALL_TRUSTED code. 3.0.5 has a back-port of 3.1.0's algorithm, which deals better with parsing problems. 3.0.0-3.0.4 - ALL_TRUSTED = no untrusted relays. 3.0.5-3.1.0 - ALL_TRUSTED = at least 1 trusted relay, no untrusted relays and no unparseable relays. The version in 3.0.0-3.0.4 will false-fire with ALL_TRUSTED if there are no parseable headers. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Feb 2 19:21:05 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 19:21:14 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: <43E25BA1.2030000@ecs.soton.ac.uk> If that is what you want to do, then do a locate SpamAssassin.pm and delete it and re-install SpamAssassin 3.1.0. Richard Edge wrote: > In my situation, I am already at SA 3.1.0. Should I try something > drastic like uninstalling SA and doing a new install or forcing an > install over the existing installation. If so what is the best way to > proceed. > > Richard Edge > Senior Systems Administrator | Technology Services > Trinity Western University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > Kettler > Sent: Thursday, February 02, 2006 10:34 AM > To: MailScanner discussion > Subject: Re: ALL_TRUSTED problems > > Scott Silva wrote: > >> dnsadmin 1bigthink.com spake the following on 2/2/2006 8:08 AM: >> >>> At 07:59 PM 2/1/2006, you wrote: >>> >>> debug: SpamAssassin version 3.0.3 >>> Thanks, >>> Glenn Parsons >>> >> Have you considered upgrading to spamassassin 3.1.0? >> > > > Or at least upgrade to 3.0.5. All other version of SA 3.0 have MAJOR > bugs in the ALL_TRUSTED code. 3.0.5 has a back-port of 3.1.0's > algorithm, which deals better with parsing problems. > > > 3.0.0-3.0.4 - ALL_TRUSTED = no untrusted relays. > > 3.0.5-3.1.0 - ALL_TRUSTED = at least 1 trusted relay, no untrusted > relays and no unparseable relays. > > The version in 3.0.0-3.0.4 will false-fire with ALL_TRUSTED if there are > no parseable headers. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lhaig at haigmail.com Thu Feb 2 19:34:49 2006 From: lhaig at haigmail.com (Lance Haig) Date: Thu Feb 2 19:34:54 2006 Subject: How does one downgrade? Message-ID: <43E25ED9.5090103@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I am having quite a time with the upgrade to 4.50.14 I get loads of dependency problems and a 15 characters text e-mail is taking 20 plus seconds to work through the system. The system performed much better on 4.49.X for me. I need to go back to the system before I upgraded as it has been two days now and the delay is quite bad. DO I just rename all the old directories and file to their original names and all is ok? What files must I make sure to rename? Thanks Guys Lance -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4l7ZM4kHBIBZ61gRAqIzAJ9hUIblwZL9WTJP95XeliyEJNqAMgCfXvQh EXxCDjveTbJtBrCL1NWcE+M= =E6/l -----END PGP SIGNATURE----- From ssilva at sgvwater.com Thu Feb 2 19:48:54 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 2 19:49:47 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: Richard Edge spake the following on 2/2/2006 11:08 AM: > In my situation, I am already at SA 3.1.0. Should I try something > drastic like uninstalling SA and doing a new install or forcing an > install over the existing installation. If so what is the best way to > proceed. > > Richard Edge > Senior Systems Administrator | Technology Services > Trinity Western University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > Kettler > Sent: Thursday, February 02, 2006 10:34 AM > To: MailScanner discussion > Subject: Re: ALL_TRUSTED problems > > Scott Silva wrote: >> dnsadmin 1bigthink.com spake the following on 2/2/2006 8:08 AM: >>> At 07:59 PM 2/1/2006, you wrote: >>> >>> debug: SpamAssassin version 3.0.3 >>> Thanks, >>> Glenn Parsons >> Have you considered upgrading to spamassassin 3.1.0? > > > Or at least upgrade to 3.0.5. All other version of SA 3.0 have MAJOR > bugs in the ALL_TRUSTED code. 3.0.5 has a back-port of 3.1.0's > algorithm, which deals better with parsing problems. > > > 3.0.0-3.0.4 - ALL_TRUSTED = no untrusted relays. > > 3.0.5-3.1.0 - ALL_TRUSTED = at least 1 trusted relay, no untrusted > relays and no unparseable relays. > > The version in 3.0.0-3.0.4 will false-fire with ALL_TRUSTED if there are > no parseable headers. > -- This thread has gotten very confusing! I take it there are 2 people with a similar problem, but more than likely 2 different solutions. I had a problem with a spamassassin install sometime back where it was defaulting to looking for its rules in /usr/etc/mail/spamassassin. It took days to track this down. If you have this problem, I fixed it with a symlink from /usr/etc/mail/spamassassin pointing to /etc/mail/spamassassin. Maybe way off, but a guess s all I have... -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Feb 2 19:54:17 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 2 19:55:54 2006 Subject: How does one downgrade? In-Reply-To: <43E25ED9.5090103@haigmail.com> References: <43E25ED9.5090103@haigmail.com> Message-ID: Lance Haig spake the following on 2/2/2006 11:34 AM: > I am having quite a time with the upgrade to 4.50.14 > > I get loads of dependency problems and a 15 characters text e-mail is > taking 20 plus seconds to work through the system. > > The system performed much better on 4.49.X for me. > > I need to go back to the system before I upgraded as it has been two > days now and the delay is quite bad. > > DO I just rename all the old directories and file to their original > names and all is ok? > > What files must I make sure to rename? > > Thanks Guys > > Lance Did you run something to backup your previous install? There was a script in the MAQ I use before I upgrade that copies the existing MailScanner stuff to MailScanner.%CURRENT-DATE%. If you didn't back up, and you ran the upgrade_mailscanner_conf script, you might be able to remove the new install( or rename), re-install the one you want, and copy over the configs you need. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From lhaig at haigmail.com Thu Feb 2 20:01:32 2006 From: lhaig at haigmail.com (Lance Haig) Date: Thu Feb 2 20:01:36 2006 Subject: How does one downgrade? In-Reply-To: References: <43E25ED9.5090103@haigmail.com> Message-ID: <43E2651C.9030101@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Scott, I have made a backup so I suppose that to rename all the "new" stuff and then rename the "old" stuff should be ok. I will give it a go and see what happens. Thanks Lance Scott Silva wrote: > Lance Haig spake the following on 2/2/2006 11:34 AM: >> I am having quite a time with the upgrade to 4.50.14 >> >> I get loads of dependency problems and a 15 characters text e-mail is >> taking 20 plus seconds to work through the system. >> >> The system performed much better on 4.49.X for me. >> >> I need to go back to the system before I upgraded as it has been two >> days now and the delay is quite bad. >> >> DO I just rename all the old directories and file to their original >> names and all is ok? >> >> What files must I make sure to rename? >> >> Thanks Guys >> >> Lance > Did you run something to backup your previous install? > There was a script in the MAQ I use before I upgrade that copies the existing > MailScanner stuff to MailScanner.%CURRENT-DATE%. > If you didn't back up, and you ran the upgrade_mailscanner_conf script, you > might be able to remove the new install( or rename), re-install the one you > want, and copy over the configs you need. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4mUcM4kHBIBZ61gRAi9tAJoDmVB7irIK5u5II0IMxTTVNn4C6gCgjPx4 K4/pFTB78/c4/UqdvcZd1cQ= =K/uP -----END PGP SIGNATURE----- From dnsadmin at 1bigthink.com Thu Feb 2 20:02:35 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Thu Feb 2 20:02:44 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: <6.2.3.4.0.20060202145729.05a32db0@mxt.1bigthink.com> At 02:48 PM 2/2/2006, you wrote: >Richard Edge spake the following on 2/2/2006 11:08 AM: > > In my situation, I am already at SA 3.1.0. Should I try something > > drastic like uninstalling SA and doing a new install or forcing an > > install over the existing installation. If so what is the best way to > > proceed. > > > > Richard Edge > > Senior Systems Administrator | Technology Services > > Trinity Western University | t: 604.513.2089 > > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > > Kettler > > Sent: Thursday, February 02, 2006 10:34 AM > > To: MailScanner discussion > > Subject: Re: ALL_TRUSTED problems > > > > Scott Silva wrote: > >> dnsadmin 1bigthink.com spake the following on 2/2/2006 8:08 AM: > >>> At 07:59 PM 2/1/2006, you wrote: > >>> > >>> debug: SpamAssassin version 3.0.3 > >>> Thanks, > >>> Glenn Parsons > >> Have you considered upgrading to spamassassin 3.1.0? > > > > > > Or at least upgrade to 3.0.5. All other version of SA 3.0 have MAJOR > > bugs in the ALL_TRUSTED code. 3.0.5 has a back-port of 3.1.0's > > algorithm, which deals better with parsing problems. > > > > > > 3.0.0-3.0.4 - ALL_TRUSTED = no untrusted relays. > > > > 3.0.5-3.1.0 - ALL_TRUSTED = at least 1 trusted relay, no untrusted > > relays and no unparseable relays. > > > > The version in 3.0.0-3.0.4 will false-fire with ALL_TRUSTED if there are > > no parseable headers. > > -- >This thread has gotten very confusing! I take it there are 2 people with a >similar problem, but more than likely 2 different solutions. > >I had a problem with a spamassassin install sometime back where it was >defaulting to looking for its rules in /usr/etc/mail/spamassassin. It took >days to track this down. If you have this problem, I fixed it with a symlink >from /usr/etc/mail/spamassassin pointing to /etc/mail/spamassassin. Maybe way >off, but a guess s all I have... I could see how you got confused with this thread.. Richard started with a problem that does not seem to be solved.. that's him still scratching his head over there! His version of MailScanner and SpamAssasin are either current or a late Beta of the current 4.50 release. We were both having problems with ALL_TRUSTED firing in the SA reports, but for different reasons. Matt resolved my problem with his last post: My SpamAssassin version is not only a bit old, but has known bugs that fire the ALL_TRUSTED rule in the way that I had observed. Thanks ever so much again, ALL! MailScanner/SpamAssassin upgrade on Saturday, so hopefully I can watch the Superbowl undistracted on Sunday! Cheers, Glenn Parsons From Denis.Beauchemin at USherbrooke.ca Thu Feb 2 20:16:32 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Feb 2 20:16:45 2006 Subject: How does one downgrade? In-Reply-To: <43E2651C.9030101@haigmail.com> References: <43E25ED9.5090103@haigmail.com> <43E2651C.9030101@haigmail.com> Message-ID: <43E268A0.3070104@USherbrooke.ca> Lance Haig wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Hi Scott, > >I have made a backup so I suppose that to rename all the "new" stuff and >then rename the "old" stuff should be ok. > >I will give it a go and see what happens. > > > Lance, Don't forget that MS installs in 3 directories (at least when installing from the RPM on a Red Hat system): /etc/MailScanner /usr/lib/MailScanner /usr/sbin Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 From lhaig at haigmail.com Thu Feb 2 20:29:00 2006 From: lhaig at haigmail.com (Lance Haig) Date: Thu Feb 2 20:29:08 2006 Subject: How does one downgrade? In-Reply-To: <43E268A0.3070104@USherbrooke.ca> References: <43E25ED9.5090103@haigmail.com> <43E2651C.9030101@haigmail.com> <43E268A0.3070104@USherbrooke.ca> Message-ID: <43E26B8C.3090902@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks Denis I will double check Lance Denis Beauchemin wrote: > Lance Haig wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hi Scott, >> >> I have made a backup so I suppose that to rename all the "new" stuff and >> then rename the "old" stuff should be ok. >> >> I will give it a go and see what happens. >> >> >> > > Lance, > > Don't forget that MS installs in 3 directories (at least when installing > from the RPM on a Red Hat system): > /etc/MailScanner > /usr/lib/MailScanner > /usr/sbin > > Denis > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4muMM4kHBIBZ61gRAk/6AJ0QBLAuhKMR9Q2yWvTDtkyiHncWHwCfeA3x 0J4B2uuyBJaZHq7SzYB6SnA= =NPnF -----END PGP SIGNATURE----- From drozk at moeller.com Thu Feb 2 20:29:42 2006 From: drozk at moeller.com (Kevin Droz) Date: Thu Feb 2 20:29:54 2006 Subject: MailScanner needs to be restarted 2 times In-Reply-To: <43E25ED9.5090103@haigmail.com> Message-ID: <012801c62837$66435980$ab5d5c5c@MOELLER.COM> I'm running MailScanner 4.48.4-2 using SpamAssassin 3.1.0-1. Ever since I enabled SpamAssassin and make a change I need to restart MailScanner twice before it stays up. When I look in the log I see MailScanner trying to start, it stops responding after this line "started as: /usr/sbin/sendmail -q15m -OPidFile=/var/run/sendmail.out.pid" I do another restart and it starts working fine. I don't know if it's timing with activity in the mail server or maybe a lack of ram. My machine is low end Celeron with only 128 MB of ram. Thanks for the help. Kevin. From rob at robhq.com Thu Feb 2 20:44:43 2006 From: rob at robhq.com (Rob Freeman) Date: Thu Feb 2 20:44:47 2006 Subject: MailScanner needs to be restarted 2 times In-Reply-To: <012801c62837$66435980$ab5d5c5c@MOELLER.COM> References: <012801c62837$66435980$ab5d5c5c@MOELLER.COM> Message-ID: <43E26F3B.5080907@robhq.com> Kevin Droz wrote: > I'm running MailScanner 4.48.4-2 using SpamAssassin 3.1.0-1. Ever since I > enabled SpamAssassin and make a change I need to restart MailScanner twice > before it stays up. When I look in the log I see MailScanner trying to > start, it stops responding after this line "started as: /usr/sbin/sendmail > -q15m -OPidFile=/var/run/sendmail.out.pid" I do another restart and it > starts working fine. I don't know if it's timing with activity in the mail > server or maybe a lack of ram. My machine is low end Celeron with only 128 > MB of ram. > > Thanks for the help. > > Kevin. > > > > We run a pause in the mailscanner restart switch so to make sure all instances of sendmail are shutoff before mailscanner starts back up. I am thinking since this is a slower box, the sendmails are still active when your mailscanner tries to start back up. Rob From glenn.steen at gmail.com Thu Feb 2 21:05:32 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 2 21:05:35 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: References: <43E1382D.8010603@haigmail.com> Message-ID: <223f97700602021305nbaf3b62g@mail.gmail.com> On 02/02/06, Scott Silva wrote: > Lance Haig spake the following on 2/1/2006 2:37 PM: > > I have a problem after upgrading. > > > > My MS is very slow processing mail. I have sent test text messages to > > the system and they take between 28 to 31 seconds to process > > > > here is a snippet of the log Can anyone lead me in the right direction > > to see why this is so low? > > > > Thanks > > > > Lance > > > > Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Found 2 messages > > waiting > > Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Scanning 1 > > messages, 2009 bytes > > Feb 1 22:56:27 mailhost MailScanner[2384]: Spam Checks: Starting > > Feb 1 22:56:54 mailhost MailScanner[2384]: Virus and Content Scanning: > > Starting > > Feb 1 22:56:55 mailhost MailScanner[2384]: Uninfected: Delivered 1 messages > > Feb 1 22:56:55 mailhost MailScanner[2384]: Batch processed in 27.65 seconds > > Feb 1 22:56:55 mailhost MailScanner[2384]: Logging message > > k11MuMV5003084 to SQL > > Feb 1 22:56:55 mailhost MailScanner[2384]: "Always Looked Up Last" took > > 0.00 seconds > > Feb 1 22:56:55 mailhost sendmail[3114]: k11MuMV5003084: > > to=, delay=00:00:28, xdelay=00:00:00, > > mailer=esmtp, pri=121508, relay=[194.143.190.32] [194.143.190.32], > > dsn=2.0.0, stat=Sent (OK) > > Feb 1 22:56:55 mailhost MailScanner[26335]: k11MuMV5003084: Logged to > > MailWatch SQL > > Feb 1 22:56:56 mailhost MailScanner[2292]: Virus and Content Scanning: > > Starting > > Feb 1 22:56:58 mailhost MailScanner[2292]: Uninfected: Delivered 1 messages > > Feb 1 22:56:58 mailhost MailScanner[2292]: Batch processed in 34.43 seconds > > Feb 1 22:56:58 mailhost MailScanner[2292]: Logging message > > k11MuM6S003085 to SQL > > Feb 1 22:56:58 mailhost MailScanner[2292]: "Always Looked Up Last" took > > 0.00 seconds > > Feb 1 22:56:58 mailhost MailScanner[26335]: k11MuM6S003085: Logged to > > MailWatch SQL > > Feb 1 22:56:59 mailhost sendmail[3122]: k11MuM6S003085: > > to=, delay=00:00:37, xdelay=00:00:01, mailer=esmtp, > > pri=121504, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, > > stat=Sent (OK) > > Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: > > from=, size=4772, class=-30, > > nrcpts=1, msgid=<43E12E21.7080002@noacon.com>, proto=ESMTP, daemon=MTA, > > relay=bkserver.blacknight.ie [83.98.166.45] > > Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: > > to=, delay=00:00:00, mailer=esmtp, pri=88772, > > stat=queued > > Feb 1 22:57:19 mailhost MailScanner[993]: New Batch: Scanning 1 > > messages, 5347 bytes > > Feb 1 22:57:19 mailhost MailScanner[993]: Spam Checks: Starting > > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string spam > > in language translation file /etc/MailScanner/reports/en/languages.conf > > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > > notspam in language translation file > > /etc/MailScanner/reports/en/languages.conf > > Feb 1 22:57:19 mailhost MailScanner[993]: Whitelist refresh time reached > > Feb 1 22:57:19 mailhost MailScanner[993]: Starting up SQL Whitelist > > Feb 1 22:57:19 mailhost MailScanner[993]: Read 8 whitelist entries > > Feb 1 22:57:19 mailhost MailScanner[993]: Message k11MvIXH003138 from > > 83.98.166.45 (mailscanner-bounces@lists.mailscanner.info) is whitelisted > > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > > mailscanner in language translation file > > /etc/MailScanner/reports/en/languages.conf > > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > > unreadablearchive in language translation file > > /etc/MailScanner/reports/en/languages.conf > > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > > passwordedarchive in language translation file > > /etc/MailScanner/reports/en/languages.conf > > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > > archivetoodeep in language translation file > > /etc/MailScanner/reports/en/languages.conf > > Feb 1 22:57:19 mailhost MailScanner[993]: Virus and Content Scanning: > > Starting > > Feb 1 22:57:20 mailhost MailScanner[993]: Looked up unknown string > > mailscanner in language translation file > > /etc/MailScanner/reports/en/languages.conf > > Feb 1 22:57:20 mailhost MailScanner[993]: Uninfected: Delivered 1 messages > > Feb 1 22:57:20 mailhost MailScanner[993]: Batch processed in 1.31 seconds > > Feb 1 22:57:20 mailhost MailScanner[993]: Logging message > > k11MvIXH003138 to SQL > > Feb 1 22:57:20 mailhost MailScanner[993]: "Always Looked Up Last" took > > 0.00 seconds > > Feb 1 22:57:20 mailhost MailScanner[26335]: k11MvIXH003138: Logged to > > MailWatch SQL > > Feb 1 22:57:20 mailhost sendmail[3147]: k11MvIXH003138: > > to=, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, > > pri=178772, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, > > stat=Sent (OK) > One problem I see is either an old or no file > /etc/MailScanner/reports/en/languages.conf. See if this is either a 0 length > file, or if you have a /etc/MailScanner/reports/en/languages.conf.rpmnew file. Ah yes. I actually (he said blushing) walked into that myself this time around... Silly cut'n'paste all the three lines... Oh well, if that is it, it?s just a matter of moving languages.old back into place... Jules, perhaps you should stress the need to look for an rpmnew file first, before blithely doing the upgrade(s)?... In the nice usage would be a good place... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Thu Feb 2 21:21:07 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 2 21:31:41 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: <223f97700602021305nbaf3b62g@mail.gmail.com> References: <43E1382D.8010603@haigmail.com> <223f97700602021305nbaf3b62g@mail.gmail.com> Message-ID: Glenn Steen spake the following on 2/2/2006 1:05 PM: > On 02/02/06, Scott Silva wrote: >> Lance Haig spake the following on 2/1/2006 2:37 PM: >>> I have a problem after upgrading. >>> >>> My MS is very slow processing mail. I have sent test text messages to >>> the system and they take between 28 to 31 seconds to process >>> >>> here is a snippet of the log Can anyone lead me in the right direction >>> to see why this is so low? >>> >>> Thanks >>> >>> Lance >>> >>> Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Found 2 messages >>> waiting >>> Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Scanning 1 >>> messages, 2009 bytes >>> Feb 1 22:56:27 mailhost MailScanner[2384]: Spam Checks: Starting >>> Feb 1 22:56:54 mailhost MailScanner[2384]: Virus and Content Scanning: >>> Starting >>> Feb 1 22:56:55 mailhost MailScanner[2384]: Uninfected: Delivered 1 messages >>> Feb 1 22:56:55 mailhost MailScanner[2384]: Batch processed in 27.65 seconds >>> Feb 1 22:56:55 mailhost MailScanner[2384]: Logging message >>> k11MuMV5003084 to SQL >>> Feb 1 22:56:55 mailhost MailScanner[2384]: "Always Looked Up Last" took >>> 0.00 seconds >>> Feb 1 22:56:55 mailhost sendmail[3114]: k11MuMV5003084: >>> to=, delay=00:00:28, xdelay=00:00:00, >>> mailer=esmtp, pri=121508, relay=[194.143.190.32] [194.143.190.32], >>> dsn=2.0.0, stat=Sent (OK) >>> Feb 1 22:56:55 mailhost MailScanner[26335]: k11MuMV5003084: Logged to >>> MailWatch SQL >>> Feb 1 22:56:56 mailhost MailScanner[2292]: Virus and Content Scanning: >>> Starting >>> Feb 1 22:56:58 mailhost MailScanner[2292]: Uninfected: Delivered 1 messages >>> Feb 1 22:56:58 mailhost MailScanner[2292]: Batch processed in 34.43 seconds >>> Feb 1 22:56:58 mailhost MailScanner[2292]: Logging message >>> k11MuM6S003085 to SQL >>> Feb 1 22:56:58 mailhost MailScanner[2292]: "Always Looked Up Last" took >>> 0.00 seconds >>> Feb 1 22:56:58 mailhost MailScanner[26335]: k11MuM6S003085: Logged to >>> MailWatch SQL >>> Feb 1 22:56:59 mailhost sendmail[3122]: k11MuM6S003085: >>> to=, delay=00:00:37, xdelay=00:00:01, mailer=esmtp, >>> pri=121504, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, >>> stat=Sent (OK) >>> Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: >>> from=, size=4772, class=-30, >>> nrcpts=1, msgid=<43E12E21.7080002@noacon.com>, proto=ESMTP, daemon=MTA, >>> relay=bkserver.blacknight.ie [83.98.166.45] >>> Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: >>> to=, delay=00:00:00, mailer=esmtp, pri=88772, >>> stat=queued >>> Feb 1 22:57:19 mailhost MailScanner[993]: New Batch: Scanning 1 >>> messages, 5347 bytes >>> Feb 1 22:57:19 mailhost MailScanner[993]: Spam Checks: Starting >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string spam >>> in language translation file /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> notspam in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Whitelist refresh time reached >>> Feb 1 22:57:19 mailhost MailScanner[993]: Starting up SQL Whitelist >>> Feb 1 22:57:19 mailhost MailScanner[993]: Read 8 whitelist entries >>> Feb 1 22:57:19 mailhost MailScanner[993]: Message k11MvIXH003138 from >>> 83.98.166.45 (mailscanner-bounces@lists.mailscanner.info) is whitelisted >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> mailscanner in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> unreadablearchive in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> passwordedarchive in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> archivetoodeep in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Virus and Content Scanning: >>> Starting >>> Feb 1 22:57:20 mailhost MailScanner[993]: Looked up unknown string >>> mailscanner in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:20 mailhost MailScanner[993]: Uninfected: Delivered 1 messages >>> Feb 1 22:57:20 mailhost MailScanner[993]: Batch processed in 1.31 seconds >>> Feb 1 22:57:20 mailhost MailScanner[993]: Logging message >>> k11MvIXH003138 to SQL >>> Feb 1 22:57:20 mailhost MailScanner[993]: "Always Looked Up Last" took >>> 0.00 seconds >>> Feb 1 22:57:20 mailhost MailScanner[26335]: k11MvIXH003138: Logged to >>> MailWatch SQL >>> Feb 1 22:57:20 mailhost sendmail[3147]: k11MvIXH003138: >>> to=, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, >>> pri=178772, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, >>> stat=Sent (OK) >> One problem I see is either an old or no file >> /etc/MailScanner/reports/en/languages.conf. See if this is either a 0 length >> file, or if you have a /etc/MailScanner/reports/en/languages.conf.rpmnew file. > > Ah yes. I actually (he said blushing) walked into that myself this > time around... Silly cut'n'paste all the three lines... Oh well, if > that is it, it?s just a matter of moving languages.old back into > place... > Jules, perhaps you should stress the need to look for an rpmnew file > first, before blithely doing the upgrade(s)?... In the nice usage > would be a good place... > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se I thought Julian had fixed the upgrade_languages_conf to not do this a few months ago. Maybe my rememberer is busted... I usually check, now, after being bitten by this one. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Feb 2 21:42:08 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 2 21:42:48 2006 Subject: MailScanner needs to be restarted 2 times In-Reply-To: <43E26F3B.5080907@robhq.com> References: <012801c62837$66435980$ab5d5c5c@MOELLER.COM> <43E26F3B.5080907@robhq.com> Message-ID: Rob Freeman spake the following on 2/2/2006 12:44 PM: > Kevin Droz wrote: >> I'm running MailScanner 4.48.4-2 using SpamAssassin 3.1.0-1. Ever since I >> enabled SpamAssassin and make a change I need to restart MailScanner >> twice >> before it stays up. When I look in the log I see MailScanner trying to >> start, it stops responding after this line "started as: >> /usr/sbin/sendmail >> -q15m -OPidFile=/var/run/sendmail.out.pid" I do another restart and it >> starts working fine. I don't know if it's timing with activity in the >> mail >> server or maybe a lack of ram. My machine is low end Celeron with only >> 128 >> MB of ram. >> Thanks for the help. >> >> Kevin. >> >> >> > > We run a pause in the mailscanner restart switch so to make sure all > instances of sendmail are shutoff before mailscanner starts back up. I > am thinking since this is a slower box, the sendmails are still active > when your mailscanner tries to start back up. > > Rob The default during a restart is a 10 second pause. You might be bypassing this if you are doing a stop, immediately followed by a start. If 10 seconds isn't enough, it is easy enough to find in the MailScanner init script. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Thu Feb 2 22:05:47 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 2 22:05:50 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: References: <43E1382D.8010603@haigmail.com> <223f97700602021305nbaf3b62g@mail.gmail.com> Message-ID: <223f97700602021405r50031af5m@mail.gmail.com> On 02/02/06, Scott Silva wrote: > Glenn Steen spake the following on 2/2/2006 1:05 PM: > > On 02/02/06, Scott Silva wrote: (snip) > >> One problem I see is either an old or no file > >> /etc/MailScanner/reports/en/languages.conf. See if this is either a 0 length > >> file, or if you have a /etc/MailScanner/reports/en/languages.conf.rpmnew file. > > > > Ah yes. I actually (he said blushing) walked into that myself this > > time around... Silly cut'n'paste all the three lines... Oh well, if > > that is it, it?s just a matter of moving languages.old back into > > place... > > Jules, perhaps you should stress the need to look for an rpmnew file > > first, before blithely doing the upgrade(s)?... In the nice usage > > would be a good place... > > > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > I thought Julian had fixed the upgrade_languages_conf to not do this a few > months ago. Maybe my rememberer is busted... > I usually check, now, after being bitten by this one. > If so, he managed to un-fix it to this version:-). If you cu'n'oaste the suggested lines to do the upgrade the first one creates the zero.length file, and the subsequent move move it into place... Empirical study (meaning: I goofed up:) show that it certainly will behave as I describe;) > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! *chuckle* Keep dreaming these up.... Makes it worth reading your mails even on matters I don't really care that much about (like Sendmail:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Thu Feb 2 22:07:48 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 22:07:50 2006 Subject: How does one downgrade? In-Reply-To: <43E25ED9.5090103@haigmail.com> References: <43E25ED9.5090103@haigmail.com> Message-ID: <43E282B4.5010201@ecs.soton.ac.uk> I would be very interested to work through your problems with 4.50 when you have time. Lance Haig wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I am having quite a time with the upgrade to 4.50.14 > > I get loads of dependency problems and a 15 characters text e-mail is > taking 20 plus seconds to work through the system. > > The system performed much better on 4.49.X for me. > > I need to go back to the system before I upgraded as it has been two > days now and the delay is quite bad. > > DO I just rename all the old directories and file to their original > names and all is ok? > > What files must I make sure to rename? > > Thanks Guys > > Lance > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFD4l7ZM4kHBIBZ61gRAqIzAJ9hUIblwZL9WTJP95XeliyEJNqAMgCfXvQh > EXxCDjveTbJtBrCL1NWcE+M= > =E6/l > -----END PGP SIGNATURE----- > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew at themarshalls.co.uk Thu Feb 2 22:24:40 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu Feb 2 22:24:50 2006 Subject: MailScanner needs to be restarted 2 times In-Reply-To: References: <012801c62837$66435980$ab5d5c5c@MOELLER.COM> <43E26F3B.5080907@robhq.com> Message-ID: <87F21993-87EA-4FE5-8683-08467879E1F6@themarshalls.co.uk> On 2 Feb 2006, at 21:42, Scott Silva wrote: > The default during a restart is a 10 second pause. > You might be bypassing this if you are doing a stop, immediately > followed by a > start. > If 10 seconds isn't enough, it is easy enough to find in the > MailScanner init > script. On that spec of machine, 10 seconds isn't enough. My MailScanner processes take more like 20 seconds to die fully on my (Very!) low end AMD K6-s machine. Just edit the init script to put a larger pause in there. > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > Nice sig. Definitely takes signature of the week winner!! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From naolson at gmail.com Thu Feb 2 22:27:12 2006 From: naolson at gmail.com (Nathan Olson) Date: Thu Feb 2 22:27:15 2006 Subject: MailScanner needs to be restarted 2 times In-Reply-To: <87F21993-87EA-4FE5-8683-08467879E1F6@themarshalls.co.uk> References: <012801c62837$66435980$ab5d5c5c@MOELLER.COM> <43E26F3B.5080907@robhq.com> <87F21993-87EA-4FE5-8683-08467879E1F6@themarshalls.co.uk> Message-ID: <8f54b4330602021427m670dfae8x4ee94848135bd928@mail.gmail.com> Your keyboard wants two of those !!s back. ;) Nate From linux_spartacus at yahoo.com Fri Feb 3 00:39:18 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Fri Feb 3 00:39:22 2006 Subject: cyrus-sasl-sql removal? Message-ID: <20060203003918.24583.qmail@web35610.mail.mud.yahoo.com> hi guys, after installing MS, clamav and spamassassin all works well. But im seeing some logs on my /var/log/messages for auxpropfunct error and sql_select missing. i tried removing cyrus-sasl-sql and the logs were gone. my concers is, will MS use this ? or its ok to remove it. tnx __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From ssilva at sgvwater.com Fri Feb 3 00:44:54 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Feb 3 00:45:12 2006 Subject: MailScanner needs to be restarted 2 times In-Reply-To: <87F21993-87EA-4FE5-8683-08467879E1F6@themarshalls.co.uk> References: <012801c62837$66435980$ab5d5c5c@MOELLER.COM> <43E26F3B.5080907@robhq.com> <87F21993-87EA-4FE5-8683-08467879E1F6@themarshalls.co.uk> Message-ID: Drew Marshall spake the following on 2/2/2006 2:24 PM: > On 2 Feb 2006, at 21:42, Scott Silva wrote: > > >> The default during a restart is a 10 second pause. >> You might be bypassing this if you are doing a stop, immediately >> followed by a >> start. >> If 10 seconds isn't enough, it is easy enough to find in the >> MailScanner init >> script. > > On that spec of machine, 10 seconds isn't enough. My MailScanner > processes take more like 20 seconds to die fully on my (Very!) low end > AMD K6-s machine. Just edit the init script to put a larger pause in there. >> >> MailScanner is like deodorant... >> You hope everybody uses it, and >> you notice quickly if they don't!!!! >> > Nice sig. Definitely takes signature of the week winner!! > If I can just figure out how to get thunderbird to use different signatues on different news accounts from the same gmane account, I wouldn't have MailScanner plugs going to the CentOS list. Oh well... Free advertising for Julian ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gdoris at rogers.com Fri Feb 3 07:49:01 2006 From: gdoris at rogers.com (Gerry Doris) Date: Fri Feb 3 07:49:25 2006 Subject: MailScanner ANNOUNCE: 4.50 released In-Reply-To: <42A0BBEB-A29D-43E5-90EF-51486DF90B0E@ecs.soton.ac.uk> References: <00ce01c6272b$42124b50$1465a8c0@support01> <42A0BBEB-A29D-43E5-90EF-51486DF90B0E@ecs.soton.ac.uk> Message-ID: <43E30AED.1090003@rogers.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > On 1 Feb 2006, at 13:09, Res wrote: > >>On Wed, 1 Feb 2006, Jeff A. Earickson wrote: >> >> >>>That's a feature I asked for back in November and Julian has kindly >>>implemented. You get it even if log speed is no. Useful for >>>tracking >>>stats on how fast batches move thru your system. >> >>ok well how about those of us that do NOT want it >>those whos logs grow 100 megs a day dont need an extra 10K lines >> >>I'm sure i'm not alone when I ask the thet log speed = no actually >>is a no logging. > > > It's 1 line per batch of messages. If you don't like it feel free to > change it. > :-) > > I like it, it's a very handy indicator that MailScanner is working at > full speed. I also don't like this feature. I've been trying to figure out how to remove it without success. Can you give me some hints how to do so. As well, I agree that Log Speed = no should mean exactly what it says...no speed logging. Gerry From MailScanner at ecs.soton.ac.uk Fri Feb 3 08:56:07 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 3 08:56:28 2006 Subject: MailScanner ANNOUNCE: 4.50 released In-Reply-To: <43E30AED.1090003@rogers.com> References: <00ce01c6272b$42124b50$1465a8c0@support01> <42A0BBEB-A29D-43E5-90EF-51486DF90B0E@ecs.soton.ac.uk> <43E30AED.1090003@rogers.com> Message-ID: <6E4EE040-DCC2-4C22-B1B1-639FCACC0630@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 3 Feb 2006, at 07:49, Gerry Doris wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> On 1 Feb 2006, at 13:09, Res wrote: >>> On Wed, 1 Feb 2006, Jeff A. Earickson wrote: >>> >>> >>>> That's a feature I asked for back in November and Julian has kindly >>>> implemented. You get it even if log speed is no. Useful for >>>> tracking >>>> stats on how fast batches move thru your system. >>> >>> ok well how about those of us that do NOT want it >>> those whos logs grow 100 megs a day dont need an extra 10K lines >>> >>> I'm sure i'm not alone when I ask the thet log speed = no >>> actually is a no logging. >> It's 1 line per batch of messages. If you don't like it feel free >> to change it. >> :-) >> I like it, it's a very handy indicator that MailScanner is working >> at full speed. > > I also don't like this feature. I've been trying to figure out how > to remove it without success. Can you give me some hints how to do > so. > > As well, I agree that > > Log Speed = no > > should mean exactly what it says...no speed logging. Either edit line 110 of MessageBatch, or else just set syslog.conf so that mail.info is not logged to your maillog. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+MasPw32o+k+q+hAQGTKAgAnBCYpMoY9SIkkWaI9RFlUce0UNf/8MIX C2+vjqgB8Q+Ue6N6te1jwcD6V+i5ux8J6Q9nf9Vdg+TOnbwyt7gDqz/Nx4s0VLyf PiDeq2wOldFN0POjrGk8WF/V6Go5CESs1WKWCh/2SysHP4snqSNGCTBmwXjn1oMa lkTmPVzCNvmoPrZ+L8DW8Teiedkf34MOjVk33MEiQVKaIEEUxuRhUcCHZeq6leZd L9/vo2/nLUGgnjb5vtRorahzzs1mh7z7j49cwuPfin8TH+prIowLp4N9iy6iRh0c MBgkIIyT1yeDaG7T7jVCKuZpwneBYyYfy+qVDbRXP/p7m+Ed9PgNBw== =D7DT -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Feb 3 08:58:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 3 08:58:43 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: <223f97700602021405r50031af5m@mail.gmail.com> References: <43E1382D.8010603@haigmail.com> <223f97700602021305nbaf3b62g@mail.gmail.com> <223f97700602021405r50031af5m@mail.gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 22:05, Glenn Steen wrote: > On 02/02/06, Scott Silva wrote: >> Glenn Steen spake the following on 2/2/2006 1:05 PM: >>> On 02/02/06, Scott Silva wrote: > (snip) >>>> One problem I see is either an old or no file >>>> /etc/MailScanner/reports/en/languages.conf. See if this is >>>> either a 0 length >>>> file, or if you have a /etc/MailScanner/reports/en/ >>>> languages.conf.rpmnew file. >>> >>> Ah yes. I actually (he said blushing) walked into that myself this >>> time around... Silly cut'n'paste all the three lines... Oh well, if >>> that is it, it?s just a matter of moving languages.old back into >>> place... >>> Jules, perhaps you should stress the need to look for an rpmnew file >>> first, before blithely doing the upgrade(s)?... In the nice usage >>> would be a good place... >>> >>> -- >>> -- Glenn >>> email: glenn < dot > steen < at > gmail < dot > com >>> work: glenn < dot > steen < at > ap1 < dot > se >> I thought Julian had fixed the upgrade_languages_conf to not do >> this a few >> months ago. Maybe my rememberer is busted... >> I usually check, now, after being bitten by this one. >> > If so, he managed to un-fix it to this version:-). If you cu'n'oaste > the suggested lines to do the upgrade the first one creates the > zero.length file, and the subsequent move move it into place... > Empirical study (meaning: I goofed up:) show that it certainly will > behave as I describe;) > Check you upgrade_MailScanner_conf or upgrade_languages_conf (one is a link to the other) for this code Usage() unless $oldfname && $newfname && -f $oldfname && -f $newfname && -s $oldfname && -s $newfname; That really should do the job. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+MbPfw32o+k+q+hAQGdNgf9GOBfPMUSLufD14VlcnqAP+ZTVTIyEdub 9IR+IRQ7GdVa/eyRhNWE2pwPTMhH929/XiMt91Xtt971mn5kSIIHCTK17EAU0kcc NOGz/9FhSHXqvGULFxW15lx6ZQDPyiC9g17XZYXLL4bPGe96baQKcVV88g+fru6O ysHJ8+5y+/MhzOXsaG5gmLQX/P5e/p//mky9NrzphMYW4LFbaHivQrcrJh09U0hk +5oc9FxDiSrF4lKmVC8bVWzgDlwzrnqrL3lrlDkEvXdHDekF/gJychgs0bYDjpid Mij1eMcwOk9Gtbhl5GYRavBf9IAIzIF6ANwmGII9JAsBltpqIiUDnA== =+0GH -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Fri Feb 3 09:49:31 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 3 09:49:34 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: References: <43E1382D.8010603@haigmail.com> <223f97700602021305nbaf3b62g@mail.gmail.com> <223f97700602021405r50031af5m@mail.gmail.com> Message-ID: <223f97700602030149qcd5eca8x@mail.gmail.com> On 03/02/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 2 Feb 2006, at 22:05, Glenn Steen wrote: > > > On 02/02/06, Scott Silva wrote: > >> Glenn Steen spake the following on 2/2/2006 1:05 PM: > >>> On 02/02/06, Scott Silva wrote: > > (snip) > >>>> One problem I see is either an old or no file > >>>> /etc/MailScanner/reports/en/languages.conf. See if this is > >>>> either a 0 length > >>>> file, or if you have a /etc/MailScanner/reports/en/ > >>>> languages.conf.rpmnew file. > >>> > >>> Ah yes. I actually (he said blushing) walked into that myself this > >>> time around... Silly cut'n'paste all the three lines... Oh well, if > >>> that is it, it?s just a matter of moving languages.old back into > >>> place... > >>> Jules, perhaps you should stress the need to look for an rpmnew file > >>> first, before blithely doing the upgrade(s)?... In the nice usage > >>> would be a good place... > >>> > >>> -- > >>> -- Glenn > >>> email: glenn < dot > steen < at > gmail < dot > com > >>> work: glenn < dot > steen < at > ap1 < dot > se > >> I thought Julian had fixed the upgrade_languages_conf to not do > >> this a few > >> months ago. Maybe my rememberer is busted... > >> I usually check, now, after being bitten by this one. > >> > > If so, he managed to un-fix it to this version:-). If you cu'n'oaste > > the suggested lines to do the upgrade the first one creates the > > zero.length file, and the subsequent move move it into place... > > Empirical study (meaning: I goofed up:) show that it certainly will > > behave as I describe;) > > > > Check you upgrade_MailScanner_conf or upgrade_languages_conf (one is > a link to the other) for this code > > Usage() unless $oldfname && $newfname && > -f $oldfname && -f $newfname && > -s $oldfname && -s $newfname; > > That really should do the job. > :-) Not really... The instructions are the in the Usage itself: -------------------- RPM === If you are using the RPM distributions then try this: cd /etc/MailScanner/reports/en upgrade_languages_conf languages.conf languages.conf.rpmnew > languages.new mv -f languages.conf languages.old mv -f languages.new languages.conf --------------------- Now, the upgrade thing behaves exactly right, BUT you still create a zero-lenght file because the Usage is printed to STDERR, and _nothing_ to STDOUT. Sure, it's pretty obvious whatwith the Usage carooming by on the screen, but still... If you try to make all this "unattended" or is a bit preoccupied with other things (that'd be me:-) it just _might_ slip by (not that I did let that happen, mind you:-). Note that this is singularly for when you do a cut'n'paste _from the Usage itself_. So having a few words about _not doing it if there's no rpmnew file_ might be a good idea. Specifically since this tend to crop up from time to time:-). That's all, no criticism intended. Cheers, -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Fri Feb 3 10:04:42 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 3 10:04:55 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: <223f97700602030149qcd5eca8x@mail.gmail.com> References: <43E1382D.8010603@haigmail.com> <223f97700602021305nbaf3b62g@mail.gmail.com> <223f97700602021405r50031af5m@mail.gmail.com> <223f97700602030149qcd5eca8x@mail.gmail.com> Message-ID: <33703DB0-D85A-48B8-827F-F34A62F8CBB7@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 3 Feb 2006, at 09:49, Glenn Steen wrote: > On 03/02/06, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> On 2 Feb 2006, at 22:05, Glenn Steen wrote: >> >>> On 02/02/06, Scott Silva wrote: >>>> Glenn Steen spake the following on 2/2/2006 1:05 PM: >>>>> On 02/02/06, Scott Silva wrote: >>> (snip) >>>>>> One problem I see is either an old or no file >>>>>> /etc/MailScanner/reports/en/languages.conf. See if this is >>>>>> either a 0 length >>>>>> file, or if you have a /etc/MailScanner/reports/en/ >>>>>> languages.conf.rpmnew file. >>>>> >>>>> Ah yes. I actually (he said blushing) walked into that myself this >>>>> time around... Silly cut'n'paste all the three lines... Oh >>>>> well, if >>>>> that is it, it?s just a matter of moving languages.old back into >>>>> place... >>>>> Jules, perhaps you should stress the need to look for an rpmnew >>>>> file >>>>> first, before blithely doing the upgrade(s)?... In the nice usage >>>>> would be a good place... >>>>> >>>>> -- >>>>> -- Glenn >>>>> email: glenn < dot > steen < at > gmail < dot > com >>>>> work: glenn < dot > steen < at > ap1 < dot > se >>>> I thought Julian had fixed the upgrade_languages_conf to not do >>>> this a few >>>> months ago. Maybe my rememberer is busted... >>>> I usually check, now, after being bitten by this one. >>>> >>> If so, he managed to un-fix it to this version:-). If you cu'n'oaste >>> the suggested lines to do the upgrade the first one creates the >>> zero.length file, and the subsequent move move it into place... >>> Empirical study (meaning: I goofed up:) show that it certainly will >>> behave as I describe;) >>> >> >> Check you upgrade_MailScanner_conf or upgrade_languages_conf (one is >> a link to the other) for this code >> >> Usage() unless $oldfname && $newfname && >> -f $oldfname && -f $newfname && >> -s $oldfname && -s $newfname; >> >> That really should do the job. >> > :-) > Not really... The instructions are the in the Usage itself: > -------------------- > RPM > === > If you are using the RPM distributions then try this: > > cd /etc/MailScanner/reports/en > upgrade_languages_conf languages.conf languages.conf.rpmnew > > languages.new > mv -f languages.conf languages.old > mv -f languages.new languages.conf > --------------------- > Now, the upgrade thing behaves exactly right, BUT you still create a > zero-lenght file because the Usage is printed to STDERR, and _nothing_ > to STDOUT. Sure, it's pretty obvious whatwith the Usage carooming by > on the screen, but still... If you try to make all this "unattended" > or is a bit preoccupied with other things (that'd be me:-) it just > _might_ slip by (not that I did let that happen, mind you:-). > Note that this is singularly for when you do a cut'n'paste _from the > Usage itself_. So having a few words about _not doing it if there's no > rpmnew file_ might be a good idea. Specifically since this tend to > crop up from time to time:-). So if the Usage is printed, I need to cat the incoming file to stdout as well. Will that fix it? I'm not sure I 100% understand you if that is not right. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+Mqvvw32o+k+q+hAQFaWwgAjQVYffSb07mo/pUzVIDku7kI94IjxBhK 0vSllEYyjYrWVtM1vJkSF8JIsfklgXqF6QvmUZEsLT/ibKeLZCtF6ycNxA4o/wYM 216cNGYqvfM5YJt4UdgILte0jKyHUtlH134+2rmbM9jEhmMfz3Ieg/K7ISlNnV2h bwpoXlk5GtEEAKU86/bFUDuNgSZVEIMwOpcg0Y9NPgP+MLggkdn4/ukCSj5L/Ek6 moK3ojyUuOMGx/lHVWA5ZN2Jl88GaYygwxynltDxAjwe6J3olqIpYU5W7iDJCL3Z lK84kYdTgTNOt1aYu9Mza2coxhDDvt/Ju7f4eYmuuUjONK3kkld6yg== =LgtA -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From res at ausics.net Fri Feb 3 10:36:20 2006 From: res at ausics.net (Res) Date: Fri Feb 3 10:36:30 2006 Subject: New speed benchmark In-Reply-To: <43E22B7B.3000809@pixelhammer.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> Message-ID: On Thu, 2 Feb 2006, DAve wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> I forgot to add the MTA is sendmail >> >> On 2 Feb 2006, at 14:59, Julian Field wrote: >> >> >>> * PGP Signed: 02/02/06 at 14:59:40 >>> >>> I have just done a speed test. >>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. >>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, clamavmodule >>> MailScanner setup: default >>> >>> Speed: 770,000 messages per day >> >> > > What happens at 780,000 messages a day? > and at what loads > DAve > -- Cheers Res From res at ausics.net Fri Feb 3 10:46:09 2006 From: res at ausics.net (Res) Date: Fri Feb 3 10:46:16 2006 Subject: MailScanner ANNOUNCE: 4.50 released In-Reply-To: <43E30AED.1090003@rogers.com> References: <00ce01c6272b$42124b50$1465a8c0@support01> <42A0BBEB-A29D-43E5-90EF-51486DF90B0E@ecs.soton.ac.uk> <43E30AED.1090003@rogers.com> Message-ID: Hi Gerry, locate MessageBatch.pm load it in vi/pico and comment out line 110 #MailScanner::Log::InfoLog("Batch processed in %.2f seconds", $totaltime); On Fri, 3 Feb 2006, Gerry Doris wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> On 1 Feb 2006, at 13:09, Res wrote: >> >>> On Wed, 1 Feb 2006, Jeff A. Earickson wrote: >>> >>> >>>> That's a feature I asked for back in November and Julian has kindly >>>> implemented. You get it even if log speed is no. Useful for tracking >>>> stats on how fast batches move thru your system. >>> >>> ok well how about those of us that do NOT want it >>> those whos logs grow 100 megs a day dont need an extra 10K lines >>> >>> I'm sure i'm not alone when I ask the thet log speed = no actually is a >>> no logging. >> >> >> It's 1 line per batch of messages. If you don't like it feel free to >> change it. >> :-) >> >> I like it, it's a very handy indicator that MailScanner is working at full >> speed. > > I also don't like this feature. I've been trying to figure out how to remove > it without success. Can you give me some hints how to do so. > > As well, I agree that > > Log Speed = no > > should mean exactly what it says...no speed logging. > > Gerry > -- Cheers Res From MailScanner at ecs.soton.ac.uk Fri Feb 3 11:06:29 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 3 11:06:42 2006 Subject: New speed benchmark In-Reply-To: References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> Message-ID: <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 3 Feb 2006, at 10:36, Res wrote: > On Thu, 2 Feb 2006, DAve wrote: > >> Julian Field wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> I forgot to add the MTA is sendmail >>> On 2 Feb 2006, at 14:59, Julian Field wrote: >>>> > Old Signed: 02/02/06 at 14:59:40 >>>> I have just done a speed test. >>>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. >>>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, >>>> clamavmodule >>>> MailScanner setup: default >>>> Speed: 770,000 messages per day >> >> What happens at 780,000 messages a day? >> > > and at what loads Maintained about 10 which is what I would expect. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+M5OPw32o+k+q+hAQFMhggAkbE3ehk4UG3MHsz0wcRHi0Vof/XWqhsd WUTBEsXtRVvx9ZshsLDHRWYX70P6u5VBChqiQKfGBUL/kYO69m44jO3Q189aOZgz Xp8jSy5ly6OzAHXxCmHD22nyk2pdYuPI8Pkr59lK+r8CMh45rCqX7i4h4uIRfz8v vIaLMsmmoeHFkcQBH+jMg5x2HlHVosWC+WnIjpQytU9K9ggEIKY92vnU+nN41j8P FRTF07CFIjkoyYDWPr5rbquY1e1z+MyZ6QYQwFYWW+jxCfOFPHfwIMfTs6JQzzUL GisT0NSjzSZ3KEIVeTQnma9J1oWFH5d3hN7VDYmOutlGoPn9+MBfDA== =oUO7 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Fri Feb 3 11:46:13 2006 From: rcooper at dwford.com (Rick Cooper) Date: Fri Feb 3 11:47:47 2006 Subject: Panda Wrapper reporting zero In-Reply-To: <43DFB8B4.20309@pixelmagicfx.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Victor > DiMichina > Sent: Tuesday, January 31, 2006 2:21 PM > To: MailScanner discussion > Subject: Re: Panda Wrapper reporting zero > > > > Julian Field wrote: > > > Very few people have ever had much luck getting Panda to work > > properly. It is the worst of all the virus scanners I support. Check > > you /etc/MailScanner/virus.scanners.conf file to be sure you have the > > right path. > > > > Run this > > /usr/lib/MailScanner/panda-wrapper /usr /tmp > > will scan /tmp for you, the "/usr" argument is the path taken from the > > end of the corresponding line in virus.scanners.conf. > > > I figured as much. I had it working when the wrapper was all in > Spanish and before Panda went to their over-engineered output. :) > > Looking through the archives, it seems like some had a measure of > success with Rick's new wrapper. I can actually see results of the > wrapper detecting and eliminating virus files, but can't get an > accurate report. The only reason I'm bothering is because I'm under > support for one more year, and I'd like to use it. > When you say an accurate report, it's not logging the detections in the maillog? I am still at 4.46.2 because there were so many changes after that I haven't had the desire to rebuild the two patches I have to integrate into each new MS release but I suppose I can try and get to it this weekend and see if something might have changed to affect the logging. It seemed like I had to do something to prevent double logging and perhaps that was fixed and now it doesn't log anything? Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Fri Feb 3 11:33:58 2006 From: rcooper at dwford.com (Rick Cooper) Date: Fri Feb 3 11:47:49 2006 Subject: Panda Wrapper reporting zero In-Reply-To: <43DFB109.7030609@pixelmagicfx.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Victor > DiMichina > Sent: Tuesday, January 31, 2006 1:49 PM > To: mailscanner@lists.mailscanner.info > Subject: Panda Wrapper reporting zero > > > > I've been wrestling with the Panda Wrapper for some time now. It's > *probably* working, but with no reporting. The only way I can see it > working is when I run it manually on an Eicar virus, I have the -ren > option selected so that it actually renames the eicar.com to > eicar.com.vir. It still returns a Virus=0 status. I get no updates > from MailScanner the way I do for the f-secure wrapper. > Does anyone have success in getting Panda's wrapper to report a virus > when found? Even though it's probably working, it's not a very > secure feeling just trusting a piece of code to do its job with no > feedback. > MailScanner Version 4.47.4 > I am not following exactly what you mean here. Are you running the wrapper manually *exactly* the way it's describer at the top of the wrapper? I havent touched it for a loooong time, but because of some of the er, odd, ways they have the thing working it needs to be run exactly (dir structure and all) the way it shows at the top of the wrapper. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From a.peacock at chime.ucl.ac.uk Fri Feb 3 12:07:46 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Feb 3 12:07:53 2006 Subject: sendmail greet_pause feature In-Reply-To: <20060202143933.05h6byks2sggokwo@webmail.waversveld.nl> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> <43E1DFD2.20708@chime.ucl.ac.uk> <20060202141929.by6t7fas74wo0woc@webmail.waversveld.nl> <43E209D4.8050902@chime.ucl.ac.uk> <20060202143933.05h6byks2sggokwo@webmail.waversveld.nl> Message-ID: <43E34792.8060706@chime.ucl.ac.uk> Hi Joost, No worries :-) Joost Waversveld wrote: > Anthony, > > I get your point and you're absolutely right. I'm sorry for that. I > won't do it again :-D > > Greetz, > > Joost > > ----- Message from a.peacock@chime.ucl.ac.uk --------- > Date: Thu, 02 Feb 2006 13:32:04 +0000 > From: Anthony Peacock > Reply-To: MailScanner discussion > Subject: Re: sendmail greet_pause feature > To: MailScanner discussion > > >> Hi Joost, >> >> My comments were more directed to the list in general. >> >> Julian was very clear in his email earlier that on _Linux_ the lock >> type needs to change to Posix for Sendmail 8.13 and above. >> >> I just get twitchy when statements are made that don't recognise that >> the OS is an important component in this setting. First, it makes me >> doubt my configuration. Secondly, it might give the wrong impression >> to admins of OSs other than Linux. >> >> Changing the default would have implications for me. If I didn't spot >> that it had changed I may start to see problems after an upgrade, with >> a system that runs fine at the moment. >> >> Joost Waversveld wrote: >>> I really do not know if this is for all the OS's. I do know that it >>> is true for Redhat, CentOS, etc. >>> >>> ----- Message from jaearick@colby.edu --------- >>> Date: Thu, 2 Feb 2006 08:05:58 -0500 (EST) >>> From: "Jeff A. Earickson" >>> Reply-To: MailScanner discussion >>> Subject: Re: sendmail greet_pause feature >>> To: MailScanner discussion >>> >>> >>>> Same here. running Solaris 9 with sendmail 8.13.5. I've never >>>> touched the Lock Type setting. >>>> >>>> Jeff Earickson >>>> Colby College >>>> >>>> On Thu, 2 Feb 2006, Anthony Peacock wrote: >>>> >>>>> Date: Thu, 02 Feb 2006 10:32:50 +0000 >>>>> From: Anthony Peacock >>>>> Reply-To: MailScanner discussion >>>>> To: MailScanner discussion >>>>> Subject: Re: sendmail greet_pause feature >>>>> >>>>> Hi, >>>>> >>>>> Joost Waversveld wrote: >>>>>> You must force posix locking... The standard will be flock >>>>>> locking. I thought Julian is thinking about changing the standard >>>>>> to posix, but at the moment the standard is still "flock" >>>>>> >>>>>> So it must be "Lock Type = posix" for you... ;) >>>>> >>>>> Is this true for all OSs? >>>>> >>>>> I am using Sendmail 8.13 and the default locking on Solaris and I >>>>> am not having any problems at all. I always thought the advice was >>>>> only change this if you are having problems. I also recall that >>>>> the requirement for posix locking is dependent on the OS. >>>>> >>>>> Grateful for any correction. >>>>> >>>>> >>>>>> >>>>>> Joost Waversveld >>>>>> >>>>>> ----- Message from wmcdonald@gmail.com --------- >>>>>> Date: Thu, 2 Feb 2006 09:53:08 +0000 >>>>>> From: Will McDonald >>>>>> Reply-To: MailScanner discussion >>>>>> Subject: Re: sendmail greet_pause feature >>>>>> To: MailScanner discussion >>>>>> >>>>>> >>>>>>> On 01/02/06, Julian Field wrote: >>>>>>> >>>>>>>> On Linux, sendmail 8.13 and upwards needs posix, anything before >>>>>>>> 8.13 >>>>>>>> needs flock. >>>>>>> >>>>>>> Is locking autodetecting, if you see what I mean? In the >>>>>>> MailScanner.conf it says... >>>>>>> >>>>>>> # How to lock spool files. >>>>>>> # Don't set this unless you *know* you need to. >>>>>>> # For sendmail, it defaults to "flock". >>>>>>> # For sendmail 8.13 onwards, you will probably need to change it >>>>>>> to posix. >>>>>>> # For Exim, it defaults to "posix". >>>>>>> # No other type is implemented. >>>>>>> Lock Type = >>>>>>> >>>>>>> Does MailScanner *know* I'm running 8.13 or should I force posix >>>>>>> locking? >>>>>>> >>>>>>> Will. >>>>>>> -- >>>>>>> MailScanner mailing list >>>>>>> mailscanner@lists.mailscanner.info >>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>> >>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>> >>>>>> >>>>>> ----- End message from wmcdonald@gmail.com ----- >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Anthony Peacock >>>>> CHIME, Royal Free & University College Medical School >>>>> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >>>>> "The most exciting phrase to hear in science, the one that heralds >>>>> new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac >>>>> Asimov >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> >>> ----- End message from jaearick@colby.edu ----- >>> >>> >> >> >> -- >> Anthony Peacock >> CHIME, Royal Free & University College Medical School >> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >> "The most exciting phrase to hear in science, the one that heralds new >> discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > ----- End message from a.peacock@chime.ucl.ac.uk ----- > > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From john at tradoc.fr Fri Feb 3 12:48:13 2006 From: john at tradoc.fr (John Wilcock) Date: Fri Feb 3 12:48:20 2006 Subject: Remove time from logwatch reports In-Reply-To: <1138632634.3244.3.camel@dwarfstar.stellarcore.net> References: <200601301200.k0UC0JgL009618@bkserver.blacknight.ie> <1138632634.3244.3.camel@dwarfstar.stellarcore.net> Message-ID: <43E3510D.4000108@tradoc.fr> Mike Tremaine wrote: > In the long run as soon as I upgrade to 4.50 I'll patch the mailscanner > script to do the right thing. Here's a patch (against logwatch 7.2.1) that should do the trick - ignoring MailScanner's new batch timing lines and reporting on the number of SA cache hits. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr -------------- next part -------------- --- mailscanner-lw721 2006-02-02 11:18:13.000000000 +0100 +++ mailscanner 2006-02-03 13:29:10.000000000 +0100 @@ -87,7 +87,12 @@ ( $ThisLine =~ m/^Started SQL Logging child/ ) or ( $ThisLine =~ m/^Starting up SQL Whitelist|Blacklist/ ) or ( $ThisLine =~ m/^Read .+ whitelist|blacklist entries/ ) or - ( $ThisLine =~ m/^Closing down by-domain spam whitelist|blacklist/ ) + ( $ThisLine =~ m/^Closing down by-domain spam whitelist|blacklist/ ) or + ( $ThisLine =~ m/^Connected to SpamAssassin cache database/ ) or + ( $ThisLine =~ m/^Using SpamAssassin results cache/ ) or + ( $ThisLine =~ m/^Expired .+ records from the SpamAssassin cache/ ) or + ( $ThisLine =~ m/^Batch processed in .+ seconds/ ) or + ( $ThisLine =~ m/^\"Always Looked Up Last\" took .+ seconds/ ) ) { # We don't care about these } elsif ( $ThisLine =~ m/New Batch: Scanning ([0-9]+) messages, ([0-9]+) bytes/i) { @@ -236,8 +241,10 @@ $ImgTagSource{$1}++; } elsif ($ThisLine =~ m/Logged to MailWatch SQL/) { $MailWatchSQL++; - } elsif ($ThisLine =~ m/Quarantining modified message for .+/) { + } elsif ($ThisLine =~ m/Quarantining modified message for/) { $DisarmedQuarantined++; + } elsif ($ThisLine =~ m/SpamAssassin cache hit for message/) { + $SACacheHit++; } else { chomp($ThisLine); # Report any unmatched entries... @@ -271,6 +278,10 @@ } } +if ($SACacheHit > 0) { + print "\n\t\t" . $SACacheHit . ' hits from MailScanner SpamAssassin cache'; +} + if ($MailScan_Unscanned > 0) { print "\n\t" . $MailScan_Unscanned . ' Messages forwarded unscanned by MailScanner'; } From rgreen at trayerproducts.com Fri Feb 3 13:28:10 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Fri Feb 3 13:28:31 2006 Subject: OT: Mail Archiving Message-ID: <43E35A6A.1080602@trayerproducts.com> Hello, I'm archiving mail to mbox files using the archive rules in MS. I was wondering if anyone knows of software that will move and compress the archived mail to conserve disk space? Any advice is welcome. Thanks! Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From housey at sme-ecom.co.uk Fri Feb 3 13:57:36 2006 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Fri Feb 3 13:57:59 2006 Subject: Mail Archiving In-Reply-To: <43E35A6A.1080602@trayerproducts.com> Message-ID: I use archmbox from http://adc-archmbox.sourceforge.net/ is a pretty good tool. Hope it helps Paul -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Rodney Green Sent: 03 February 2006 13:28 To: MailScanner mailing list Subject: OT: Mail Archiving Hello, I'm archiving mail to mbox files using the archive rules in MS. I was wondering if anyone knows of software that will move and compress the archived mail to conserve disk space? Any advice is welcome. Thanks! Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This message has been scanned for unacceptable content by 'VITANIUM' the industry leading email virus and content management service from Vitanium Systems. Contact details are available at www.vitanium.com. From shuttlebox at gmail.com Fri Feb 3 14:08:57 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Feb 3 14:09:01 2006 Subject: OT: Mail Archiving In-Reply-To: <43E35A6A.1080602@trayerproducts.com> References: <43E35A6A.1080602@trayerproducts.com> Message-ID: <625385e30602030608r67d1faa3s37204fc8f4253f76@mail.gmail.com> On 2/3/06, Rodney Green wrote: > > Hello, > > I'm archiving mail to mbox files using the archive rules in MS. I was > wondering if anyone knows of software that will move and compress the > archived mail to conserve disk space? Any advice is welcome. > A simple line in crontab will do the job for you. 0 6 * * * find /yourarchivedir -type f -mtime +10 -exec gzip {} \; The above will gzip files older than 10 days. You can do whatever you want with similar commands. No need for extra software. I'm sure others will post more advanced examples, I just wrote a line from memory. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060203/a34593fa/attachment.html From MailScanner at ecs.soton.ac.uk Fri Feb 3 14:19:54 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 3 14:20:03 2006 Subject: OT: Mail Archiving In-Reply-To: <625385e30602030608r67d1faa3s37204fc8f4253f76@mail.gmail.com> References: <43E35A6A.1080602@trayerproducts.com> <625385e30602030608r67d1faa3s37204fc8f4253f76@mail.gmail.com> Message-ID: <701EFA27-1212-4933-A914-C519EC5D70FB@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 487 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060203/497f0cdd/PGP.bin From test at nextmill.net Fri Feb 3 14:30:59 2006 From: test at nextmill.net (test) Date: Fri Feb 3 14:31:04 2006 Subject: TNEF Expander Maxsize not working! (80 meg emails) Message-ID: <200602030630765.SM03436@70.182.179.161> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060203/6ebaef9d/attachment.html From MailScanner at ecs.soton.ac.uk Fri Feb 3 14:47:36 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 3 14:47:45 2006 Subject: TNEF Expander Maxsize not working! (80 meg emails) In-Reply-To: <200602030630765.SM03436@70.182.179.161> References: <200602030630765.SM03436@70.182.179.161> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Mount your /tmp using tmpfs, then it should be okay. On 3 Feb 2006, at 14:30, test wrote: > Even with TNEF Expander set to a max size of 10 megs, any file over > 80+ megs will cause MailScanner to 'crash', the child process lines > read 'expanding attachments' and then that process turns into a ! > Goes into a never ending cycle until I perform a MV of the super > large email from mqueue.in to mqueue to bypass the Mailscanner > check. Any ideas? This happens very often and I can't understand > why its not accepting the --maxsize setting. My /tmp/ is only 100 > megs (ram) and it can't handle the super large emails. > > MailScanner 4.50.15-1/Redhat Fedora Core 2/SA 3.1.0 > > Mailscanner.conf > > TNEF Expander = /usr/bin/tnef --maxsize=10000000 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+NtCfw32o+k+q+hAQGwZQgAu8yvWCpWsi9g4Lg2cfbqWDTEzY47pWmB y8p/kyJDcIMuNt4UOZCcmZS+mkOS3NkTIsxOraLaxBIJ5qdPD8CtV1wRv7NZVYeh r6AgjB95yrLXJHD2lkwevlc9mb0j7Qwz53uSIu8pF1tOdB7sINJE9G2j6OtwPYY5 LUocZQp/krr7W7QvI2ztSbenPM7YQIqbTTIFosE7dpW+GcKNG740dPh7hKc/OMtB s1aRmwO2XIrvG8uVTM7JxSvkS9O4/VtSRRD6WMfocUzOZvpXk3cWVZ4iVcjCkCqQ g6vFf+xwJltDxah9cVaNjUAz45TJDb7NYVFFbpOtTgMry+YpKx59ug== =UyQb -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rgreen at trayerproducts.com Fri Feb 3 14:48:02 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Fri Feb 3 14:49:27 2006 Subject: OT: Mail Archiving In-Reply-To: <701EFA27-1212-4933-A914-C519EC5D70FB@ecs.soton.ac.uk> References: <43E35A6A.1080602@trayerproducts.com> <625385e30602030608r67d1faa3s37204fc8f4253f76@mail.gmail.com> <701EFA27-1212-4933-A914-C519EC5D70FB@ecs.soton.ac.uk> Message-ID: <43E36D22.8020008@trayerproducts.com> > find /yourarchivedir -type f -mtime +10 -print | xargs gzip > > will be faster :-) Thanks guys. I did some more searching and found another option that I'm testing. I found this: http://archivemail.sourceforge.net/ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From test at nextmill.net Fri Feb 3 14:53:36 2006 From: test at nextmill.net (test) Date: Fri Feb 3 14:53:42 2006 Subject: TNEF Expander Maxsize not working! (80 meg emails) Message-ID: <200602030653234.SM02500@70.182.179.161> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060203/b0e302e2/attachment.html From dyioulos at firstbhph.com Fri Feb 3 14:54:25 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri Feb 3 14:54:31 2006 Subject: OT: Mail Archiving In-Reply-To: <43E36D22.8020008@trayerproducts.com> References: <43E35A6A.1080602@trayerproducts.com> <701EFA27-1212-4933-A914-C519EC5D70FB@ecs.soton.ac.uk> <43E36D22.8020008@trayerproducts.com> Message-ID: <200602030954.25564.dyioulos@firstbhph.com> On Friday February 03 2006 9:48 am, Rodney Green wrote: > > find /yourarchivedir -type f -mtime +10 -print | xargs gzip > > > > will be faster :-) > > Thanks guys. I did some more searching and found another option that I'm > testing. I found this: http://archivemail.sourceforge.net/ > > If you're looking for a separate archiving tool, also take a look at Synonym (http://www.modulo.ro/content/view/55/1//). Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From test at nextmill.net Fri Feb 3 14:57:46 2006 From: test at nextmill.net (Brian) Date: Fri Feb 3 14:57:51 2006 Subject: TNEF Expander Maxsize not working! (80 meg emails) Message-ID: <200602030657328.SM02500@70.182.179.161> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060203/efebb7f4/attachment.html From greg at blastzone.com Fri Feb 3 15:23:45 2006 From: greg at blastzone.com (Greg Deputy) Date: Fri Feb 3 15:23:52 2006 Subject: Upgraded from 4.38 to 4.50 and WOW Message-ID: <0b8f01c628d5$d2c3cbf0$0a0a0a0a@greg> I upgraded my MailScanner installation last night from 4.38 to 4.50. It's a fedora box running postfix, and a smaller machine (p3 with 512M ram) that has been pretty much at capacity. Before the upgrade, the CPU utilization averaged 75%. After upgrading, the CPU utilization has dropped to 25%! The only thing that has changed is the MailScanner version. Looks like the recent changes have REALLY made a difference! http://mx.blastzone.com/mailscanner-mrtg/cpu/cpu.html MailScanner rocks. Thanks Julian! From gborders at jlewiscooper.com Fri Feb 3 15:24:35 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Fri Feb 3 15:26:16 2006 Subject: Remove time from logwatch reports In-Reply-To: <6E4EE040-DCC2-4C22-B1B1-639FCACC0630@ecs.soton.ac.uk> References: <00ce01c6272b$42124b50$1465a8c0@support01> <42A0BBEB-A29D-43E5-90EF-51486DF90B0E@ecs.soton.ac.uk> <43E30AED.1090003@rogers.com> <6E4EE040-DCC2-4C22-B1B1-639FCACC0630@ecs.soton.ac.uk> Message-ID: <43E375B3.7090907@jlewiscooper.com> >> I also don't like this feature. I've been trying to figure out how >> to remove it without success. Can you give me some hints how to do >> so. >> >> As well, I agree that >> >> Log Speed = no >> >> should mean exactly what it says...no speed logging. >> > > Either edit line 110 of MessageBatch, or else just set syslog.conf so > that mail.info is not logged to your maillog. Taking a look at the MessageBatch.pm file, I see in 'if' in there for the log variable, would this logic work? My Pearl is weak. ;) # before MailScanner::Log::InfoLog("Batch completed at %d bytes per second (%d / %d)", $speed, $totalbytes, $now-$this->{starttime}) if MailScanner::Config::Value('logspeed'); MailScanner::Log::InfoLog("Batch processed in %.2f seconds", $totaltime); # after if ( MailScanner::Config::Value('logspeed') ) { MailScanner::Log::InfoLog("Batch completed at %d bytes per second (%d / %d)", $speed, $totalbytes, $now-$this->{starttime}) MailScanner::Log::InfoLog("Batch processed in %.2f seconds", $totaltime); } Greg Borders Sys. Admin. JLC Co. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060203/a6bad431/attachment.html From glenn.steen at gmail.com Fri Feb 3 16:02:27 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 3 16:02:29 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: <33703DB0-D85A-48B8-827F-F34A62F8CBB7@ecs.soton.ac.uk> References: <43E1382D.8010603@haigmail.com> <223f97700602021305nbaf3b62g@mail.gmail.com> <223f97700602021405r50031af5m@mail.gmail.com> <223f97700602030149qcd5eca8x@mail.gmail.com> <33703DB0-D85A-48B8-827F-F34A62F8CBB7@ecs.soton.ac.uk> Message-ID: <223f97700602030802n4590764et@mail.gmail.com> On 03/02/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 3 Feb 2006, at 09:49, Glenn Steen wrote: > > > On 03/02/06, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> > >> On 2 Feb 2006, at 22:05, Glenn Steen wrote: > >> > >>> On 02/02/06, Scott Silva wrote: > >>>> Glenn Steen spake the following on 2/2/2006 1:05 PM: > >>>>> On 02/02/06, Scott Silva wrote: > >>> (snip) > >>>>>> One problem I see is either an old or no file > >>>>>> /etc/MailScanner/reports/en/languages.conf. See if this is > >>>>>> either a 0 length > >>>>>> file, or if you have a /etc/MailScanner/reports/en/ > >>>>>> languages.conf.rpmnew file. > >>>>> > >>>>> Ah yes. I actually (he said blushing) walked into that myself this > >>>>> time around... Silly cut'n'paste all the three lines... Oh > >>>>> well, if > >>>>> that is it, it?s just a matter of moving languages.old back into > >>>>> place... > >>>>> Jules, perhaps you should stress the need to look for an rpmnew > >>>>> file > >>>>> first, before blithely doing the upgrade(s)?... In the nice usage > >>>>> would be a good place... > >>>>> > >>>>> -- > >>>>> -- Glenn > >>>>> email: glenn < dot > steen < at > gmail < dot > com > >>>>> work: glenn < dot > steen < at > ap1 < dot > se > >>>> I thought Julian had fixed the upgrade_languages_conf to not do > >>>> this a few > >>>> months ago. Maybe my rememberer is busted... > >>>> I usually check, now, after being bitten by this one. > >>>> > >>> If so, he managed to un-fix it to this version:-). If you cu'n'oaste > >>> the suggested lines to do the upgrade the first one creates the > >>> zero.length file, and the subsequent move move it into place... > >>> Empirical study (meaning: I goofed up:) show that it certainly will > >>> behave as I describe;) > >>> > >> > >> Check you upgrade_MailScanner_conf or upgrade_languages_conf (one is > >> a link to the other) for this code > >> > >> Usage() unless $oldfname && $newfname && > >> -f $oldfname && -f $newfname && > >> -s $oldfname && -s $newfname; > >> > >> That really should do the job. > >> > > :-) > > Not really... The instructions are the in the Usage itself: > > -------------------- > > RPM > > === > > If you are using the RPM distributions then try this: > > > > cd /etc/MailScanner/reports/en > > upgrade_languages_conf languages.conf languages.conf.rpmnew > > > languages.new > > mv -f languages.conf languages.old > > mv -f languages.new languages.conf > > --------------------- > > Now, the upgrade thing behaves exactly right, BUT you still create a > > zero-lenght file because the Usage is printed to STDERR, and _nothing_ > > to STDOUT. Sure, it's pretty obvious whatwith the Usage carooming by > > on the screen, but still... If you try to make all this "unattended" > > or is a bit preoccupied with other things (that'd be me:-) it just > > _might_ slip by (not that I did let that happen, mind you:-). > > Note that this is singularly for when you do a cut'n'paste _from the > > Usage itself_. So having a few words about _not doing it if there's no > > rpmnew file_ might be a good idea. Specifically since this tend to > > crop up from time to time:-). > > So if the Usage is printed, I need to cat the incoming file to stdout > as well. Will that fix it? I'm not sure I 100% understand you if that > is not right. > Nah, just change the text in the Usage from If you are using the RPM distributions then try this: to If you are using the RPM distributions, and have a langauges.rpmnew file, then try this: or change the sugegsted commands to upgrade_languages_conf languages.conf languages.conf.rpmnew > languages.new test -f languages.conf.rpmnew && mv -f languages.conf languages.old test -f languages.conf.rpmnew && mv -f languages.new languages.conf && rm -f languages.conf.rpmnew ... The final rm could of course be an "mv -f langages.conf.rpmnew languages.conf.rpmnew.done", so that one don't lose the rpmnew file... It's just a suggestion though:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From craigwhite at azapple.com Fri Feb 3 16:21:45 2006 From: craigwhite at azapple.com (Craig White) Date: Fri Feb 3 16:22:00 2006 Subject: MailScanner needs to be restarted 2 times In-Reply-To: References: <012801c62837$66435980$ab5d5c5c@MOELLER.COM> <43E26F3B.5080907@robhq.com> <87F21993-87EA-4FE5-8683-08467879E1F6@themarshalls.co.uk> Message-ID: <1138983705.26170.35.camel@lin-workstation.azapple.com> On Thu, 2006-02-02 at 16:44 -0800, Scott Silva wrote: > Drew Marshall spake the following on 2/2/2006 2:24 PM: > > Nice sig. Definitely takes signature of the week winner!! > > > If I can just figure out how to get thunderbird to use different signatues on > different news accounts from the same gmane account, I wouldn't have > MailScanner plugs going to the CentOS list. > > Oh well... Free advertising for Julian ;-) ---- do you mean the airplane sig? I kind of like that one. It's been kind of quiet on CentOS list lately anyway. Craig From Kevin_Miller at ci.juneau.ak.us Fri Feb 3 17:22:22 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Feb 3 17:22:29 2006 Subject: What is nobody doing? Message-ID: Since I upgraded one of my machines the other day (from 4.33 to 4.50.? beta) my /var/log/messages has been filling up with the messages below. I opened two term windows, one running 'tail -f /var/log/mail' and the other running 'tail -f /var/log/messges' then watched to see what it was happening. /var/log/messages: ================== Feb 2 08:18:23 mail3 su: (to nobody) root on none Feb 2 08:18:23 mail3 su: pam_unix2: session started for user nobody, service su Feb 2 08:18:23 mail3 su: pam_unix2: session finished for user nobody, service su /var/log/mail: ============== Feb 2 08:18:21 mail3 sendmail-in[6185]: k12HIK0g006185: to=, delay=00:00:00, mailer=esmtp, pri=33805, stat=queued Feb 2 08:18:22 mail3 MailScanner[5160]: New Batch: Scanning 1 messages, 4424 bytes Normally I see a few 'session started for user nobody' when updatedb runs, but these are happening everytime new mail arrives. The su seems to happen just after the message is queued, that is between the first and second lines in the mail log. Is this expected behavior? Why does root need to su to nobody to do whatever it's doing, when it never had to before? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From glenn.steen at gmail.com Fri Feb 3 18:52:11 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 3 18:52:30 2006 Subject: Typo in Action... Message-ID: <223f97700602031052h5add50b3q@mail.gmail.com> ... or "Le Grand Typo" strikes again.... Jules, what exactly happens to mails that hit an Action with a typo in it? And why doesn't MailScanner --lint pick up the typo? Let me explain what happened: Happy as a seal in a fish-shop I was busily tweaking my MailScanner.conf yesterday. During that time one of the Action statements accidentally happened to "morph" into Spam Action: deliverheader ... where ... is (of course) the rest of the actions on that one. After a not too long while, I discovered the typo and rectified it. Messages where passingthrough (according to MailWatch), but never being delivered.... And in the logs, there were never any mention of the usual requeueing (sory, am 2home, so no log examples today). I started hunting around (in the postfix queues and in /var/spool/MailScanner/*) but couldn't find any trace of them. Did I just deliver those into the bit-bucket? I've been running MailScanner --lint extensively, also when the error was there, but it never ever gave any indication that anything was wrong... Does the lint try these with just a plain --lint, or do I need use any of the other new (and as of yet untried, by me) options? And now you all know why I'm "Le Grand Typo":-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mrm at medicine.wisc.edu Fri Feb 3 19:57:20 2006 From: mrm at medicine.wisc.edu (Michael Masse) Date: Fri Feb 3 19:58:06 2006 Subject: Blocking spam based on from address Message-ID: I'm using the latest release of MS and SA with sendmail 8.13 as the MTA setup as a relay to a Groupwise system. I'm having a big problem with spam that bogusly claims to come from within my own domain either via the envope sender or header sender or both. SA flags most of these as spam just fine, but the problem is that GW ignores the x-spam-status flag if the sender claims to be within your own domain and does not automatically move it to the junkmail folder. This is obviously a Groupwise problem that many people have complained to Novell about and they claim to be working on it, but that does no good for right now. Since we are using MS as a relay there is never a case where mail destined to a user within our domain will ever be from another user within our domain because that all happens internally within Groupwise. The only email that goes through MS that truthfully has a from address of our domain is outgoing email. Since MS calls sendmail, can MS tell sendmail to drop all email claiming to come from our domain unless it actually is, or is this something that I have to do at the MTA level? I really don't want to do reverse dns lookups for everything, because the only emails I'm concerned about are the ones claiming to come from within. I am already having sendmail block all bogus HELO's which claim to be the same DNS name as the MS machine. I know this isn't RFC compliant but after a couple months of dropping a few thousand spams per day with not a single complaint about it I'm pretty happy with it since I don't have to waste CPU cycles on processing them. I'd like to do something similar with the bogus from address emails, but am not sure if this is a MS or MTA issue. As a last resort, is it possible to have MS change the from address if the original from address is our domain and it gets flagged as spam? That would still cause the email to have to be processed completely, but would at least bypass the stupid Groupwise issue of ignoring the x-spam-status flag in the header because of a known domain name. Mike From Kevin_Miller at ci.juneau.ak.us Fri Feb 3 20:04:56 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Feb 3 20:05:00 2006 Subject: Blocking spam based on from address Message-ID: Michael Masse wrote: > I'm using the latest release of MS and SA with sendmail 8.13 as the > MTA setup as a relay to a Groupwise system. I'm having a big > problem with spam that bogusly claims to come from within my own > domain either via the envope sender or header sender or both. SA Have you set up SPF? That may help with some of that... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From glenn.steen at gmail.com Fri Feb 3 20:28:24 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 3 20:28:28 2006 Subject: Blocking spam based on from address In-Reply-To: References: Message-ID: <223f97700602031228p76dbe726g@mail.gmail.com> On 03/02/06, Kevin Miller wrote: > Michael Masse wrote: > > I'm using the latest release of MS and SA with sendmail 8.13 as the > > MTA setup as a relay to a Groupwise system. I'm having a big > > problem with spam that bogusly claims to come from within my own > > domain either via the envope sender or header sender or both. SA > > Have you set up SPF? That may help with some of that... > > ?m no sendmail guru, but this is pretty easy to implement in Postfix You do so with adequate sender restrictions (that check that the bozos don't use your addresses) and helo restrictions (again, check you get a fqdn or "literal IP address", and that neither are yours. Even if this might bend the letter of the RFCs it's OK (I'm to tired to remember what would be the point of allowing them to helo with your fqdn/ip). Only spammers/viruses do this. I've been using such restrictions for quite some time now, no ill effects. And combine that with just accepting mails destined to real email addresses, and you?ll be fine. I can provide some examples (come monday) upon request. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From lbcadmin at gmail.com Fri Feb 3 21:44:55 2006 From: lbcadmin at gmail.com (Information Services) Date: Fri Feb 3 21:44:59 2006 Subject: Limit the number of days Message-ID: I am using the default location for MailScanner to archive mail: /var/spool/MailScanner/archive. I see that MailScanner keeps about 90 days before it starts deleting the archived mail. Where would I find the setting to change it to maintain even less days before it starts to delete? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060203/818046aa/attachment.html From res at ausics.net Fri Feb 3 22:43:03 2006 From: res at ausics.net (Res) Date: Fri Feb 3 22:43:09 2006 Subject: New speed benchmark In-Reply-To: <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> Message-ID: On Fri, 3 Feb 2006, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 3 Feb 2006, at 10:36, Res wrote: > >> On Thu, 2 Feb 2006, DAve wrote: >> >>> Julian Field wrote: >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> I forgot to add the MTA is sendmail >>>> On 2 Feb 2006, at 14:59, Julian Field wrote: >>>>>> Old Signed: 02/02/06 at 14:59:40 >>>>> I have just done a speed test. >>>>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. >>>>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, >>>>> clamavmodule >>>>> MailScanner setup: default >>>>> Speed: 770,000 messages per day >>> >>> What happens at 780,000 messages a day? >>> >> >> and at what loads > > Maintained about 10 which is what I would expect. 10? I hope to hell its on a 15 yo 5400 rpm ide thats only 8 msgs a second, we easily do more than that on dual xeon 2 gig ram with qmail and qmailscan and the load avgs constant 2-2.5 looks like i wont be trying to intergrate MS with our qmail servers, prolly a good idea since nobody has clear intructions on how to install with qmail anyway Still happy to use it on our sendmail boxes tho :) > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.4 (Build 4042) > > iQEVAwUBQ+M5OPw32o+k+q+hAQFMhggAkbE3ehk4UG3MHsz0wcRHi0Vof/XWqhsd > WUTBEsXtRVvx9ZshsLDHRWYX70P6u5VBChqiQKfGBUL/kYO69m44jO3Q189aOZgz > Xp8jSy5ly6OzAHXxCmHD22nyk2pdYuPI8Pkr59lK+r8CMh45rCqX7i4h4uIRfz8v > vIaLMsmmoeHFkcQBH+jMg5x2HlHVosWC+WnIjpQytU9K9ggEIKY92vnU+nN41j8P > FRTF07CFIjkoyYDWPr5rbquY1e1z+MyZ6QYQwFYWW+jxCfOFPHfwIMfTs6JQzzUL > GisT0NSjzSZ3KEIVeTQnma9J1oWFH5d3hN7VDYmOutlGoPn9+MBfDA== > =oUO7 > -----END PGP SIGNATURE----- > > -- Cheers Res From carl.andrews at crackerbarrel.com Fri Feb 3 23:11:44 2006 From: carl.andrews at crackerbarrel.com (Carl Andrews) Date: Fri Feb 3 23:12:50 2006 Subject: http://cme.mitre.org/index.html In-Reply-To: <43DA91F8.6080809@ecs.soton.ac.uk> References: <01ee01c62384$212adbf0$6500a8c0@kdinet.local> <43DA91F8.6080809@ecs.soton.ac.uk> Message-ID: <43E3E330.4070006@crackerbarrel.com> I just ran across this site and thought others on this list might find it useful. With all of the different AV engines we use, it is nice to see a place where all of the different names/aliases for each are identified. http://cme.mitre.org/index.html From lhaig at haigmail.com Fri Feb 3 23:21:24 2006 From: lhaig at haigmail.com (Lance Haig) Date: Fri Feb 3 23:21:34 2006 Subject: How does one downgrade? In-Reply-To: <43E282B4.5010201@ecs.soton.ac.uk> References: <43E25ED9.5090103@haigmail.com> <43E282B4.5010201@ecs.soton.ac.uk> Message-ID: <43E3E574.6070605@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Julian, I will give you direct access to the box if that would make things easier? Lance Julian Field wrote: > I would be very interested to work through your problems with 4.50 when > you have time. > > Lance Haig wrote: > I am having quite a time with the upgrade to 4.50.14 > > I get loads of dependency problems and a 15 characters text e-mail is > taking 20 plus seconds to work through the system. > > The system performed much better on 4.49.X for me. > > I need to go back to the system before I upgraded as it has been two > days now and the delay is quite bad. > > DO I just rename all the old directories and file to their original > names and all is ok? > > What files must I make sure to rename? > > Thanks Guys > > Lance -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4+V0M4kHBIBZ61gRAl7jAJ9bViunmgkSsB+iISGc3t0vM3sY3ACfcEXh PA5KTvrsHlBKjmOsauIBoJI= =Pr2I -----END PGP SIGNATURE----- From shuttlebox at gmail.com Fri Feb 3 23:35:26 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Feb 3 23:35:29 2006 Subject: Limit the number of days In-Reply-To: References: Message-ID: <625385e30602031535hecad00dh35c0c7aebcfa7be4@mail.gmail.com> On 2/3/06, Information Services wrote: > > I am using the default location for MailScanner to archive mail: > /var/spool/MailScanner/archive. > I see that MailScanner keeps about 90 days before it starts deleting the > archived mail. Where would I find the setting to change it to maintain even > less days before it starts to delete? > Look in /etc/cron.daily, you will find a script called cleanquarantine.pl or similar (I'm not at work now). Inside it you have a setting for number of days to keep. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060204/f19fb79f/attachment.html From shuttlebox at gmail.com Fri Feb 3 23:38:09 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Feb 3 23:38:13 2006 Subject: New speed benchmark In-Reply-To: References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> Message-ID: <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> On 2/3/06, Res wrote: > > 10? I hope to hell its on a 15 yo 5400 rpm ide > > thats only 8 msgs a second, we easily do more than that on dual xeon 2 > gig ram with qmail and qmailscan and the load avgs constant 2-2.5 > > looks like i wont be trying to intergrate MS with our qmail servers, > prolly a good idea since nobody has clear intructions on how to > install with qmail anyway > > Still happy to use it on our sendmail boxes tho :) > Is that with SA or just virus checking? I find that SA with all its network checks adds a lot more time than the virus scan. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060204/d609e5e7/attachment-0001.html From glenn.steen at gmail.com Sat Feb 4 00:05:41 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Feb 4 00:05:47 2006 Subject: New speed benchmark In-Reply-To: <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> Message-ID: <223f97700602031605j3fdd1f28j@mail.gmail.com> On 04/02/06, shuttlebox wrote: > On 2/3/06, Res wrote: > > 10? I hope to hell its on a 15 yo 5400 rpm ide > > > > thats only 8 msgs a second, we easily do more than that on dual xeon 2 > > gig ram with qmail and qmailscan and the load avgs constant 2-2.5 > > > > looks like i wont be trying to intergrate MS with our qmail servers, > > prolly a good idea since nobody has clear intructions on how to > > install with qmail anyway > > > > Still happy to use it on our sendmail boxes tho :) > > > > Is that with SA or just virus checking? I find that SA with all its network > checks adds a lot more time than the virus scan. > Not to mention long IO waits that "synthetically" increase load (lots of state D processes). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Sat Feb 4 04:30:24 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sat Feb 4 04:30:42 2006 Subject: sendmail greet_pause feature In-Reply-To: <1f8fae340602020153i1a1b061h@mail.gmail.com> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> Message-ID: <43E42DE0.7010401@nkpanama.com> Is there any way to run a check during install or upgrade to make sure, and then set it (or give a warning)? Maybe it could get incorporated into the next release. Will McDonald wrote: > On 01/02/06, Julian Field wrote: > > >> On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 >> needs flock. >> > > Is locking autodetecting, if you see what I mean? In the > MailScanner.conf it says... > > # How to lock spool files. > # Don't set this unless you *know* you need to. > # For sendmail, it defaults to "flock". > # For sendmail 8.13 onwards, you will probably need to change it to posix. > # For Exim, it defaults to "posix". > # No other type is implemented. > Lock Type = > > Does MailScanner *know* I'm running 8.13 or should I force posix locking? > > Will. > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060203/deee4893/attachment.html From res at ausics.net Sat Feb 4 05:39:14 2006 From: res at ausics.net (Res) Date: Sat Feb 4 05:39:23 2006 Subject: New speed benchmark In-Reply-To: <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> Message-ID: On Sat, 4 Feb 2006, shuttlebox wrote: > Is that with SA or just virus checking? I find that SA with all its > network checks adds a lot more time than the virus scan. With SA it loads to 4 but it gave us too many false alarms so we disabled it, even when we ran it we disabled most checks, the only thing it did was indicate spam content, we use qmail and sendmail to test RBL's etc, no point in accepting the full msg passing it to MS to reject/drop when we can reject on header only at MTA But qmailscan has a bad habbit of not being able to handle alot of stuff gracefully, which is why I was after a clear cut guide on how to install MS on a qmail system, because until the sendmail consortium can produce a copy of sendmail that works identical to qmail in relation to like with vpopmail for virtuals there is no beating that combination, be it for visp's or hosting. -- /peter -- Cheers Res From glenn.steen at gmail.com Sat Feb 4 10:17:04 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Feb 4 10:17:08 2006 Subject: New speed benchmark In-Reply-To: References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> Message-ID: <223f97700602040217t77e23cd6k@mail.gmail.com> On 04/02/06, Res wrote: > On Sat, 4 Feb 2006, shuttlebox wrote: > > > Is that with SA or just virus checking? I find that SA with all its > > network checks adds a lot more time than the virus scan. > > With SA it loads to 4 but it gave us too many false alarms so we disabled > it, even when we ran it we disabled most checks, the only thing it did > was indicate spam content, we use qmail and sendmail to test RBL's etc, no > point in accepting the full msg passing it to MS to reject/drop when we > can reject on header only at MTA That in the greater part explains the difference in load avgs. Not that I know exactly what network tests Jules ran in this case, but your low figures are simply due to you not doing 1) SA, and 2) SAs BL lookups. As mentioned, these two tend to add some "real" load and (in the latter case) significant "unreal" load;-). > But qmailscan has a bad habbit of not being able to handle alot of stuff > gracefully, which is why I was after a clear cut guide on how to install > MS on a qmail system, because until the sendmail consortium can produce a > copy of sendmail that works identical to qmail in relation to like with > vpopmail for virtuals there is no beating that combination, be it for > visp's or hosting. Did someone mention postfix ....:-):-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From bpumphrey at WoodMacLaw.com Fri Feb 3 16:17:34 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Sat Feb 4 11:03:10 2006 Subject: OT: Win32/Mywife.E@mm Message-ID: <04D932B0071FE34FA63EBB1977B48D15C2B93D@woodenex.woodmaclaw.local> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 73 bytes Desc: image001.gif Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060203/9cdfaddc/attachment-0001.gif From ius at rbrana.co.id Sat Feb 4 04:46:22 2006 From: ius at rbrana.co.id (ius) Date: Sat Feb 4 11:03:31 2006 Subject: DCC failure Message-ID: <43E4319E.8050301@rbrana.co.id> Dear mailscanner, I got this error messages when do the spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf. My DCC installed properly and placed where it should be [7934] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc [7934] warn: config: failed to parse line, skipping: dcc_home /var/dcc Does anyone know what it is ? why this happening ? Thanks alot ius -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Feb 4 11:11:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 4 11:11:55 2006 Subject: Blocking spam based on from address In-Reply-To: References: Message-ID: <43E48BFB.7060900@ecs.soton.ac.uk> Michael Masse wrote: > Since we are using MS as a relay there is never a case where mail > destined to a user within our domain will ever be from another user > within our domain because that all happens internally within Groupwise. > The only email that goes through MS that truthfully has a from address > of our domain is outgoing email. Since MS calls sendmail, can MS tell > sendmail to drop all email claiming to come from our domain unless it > actually is, or is this something that I have to do at the MTA level? > You could use a ruleset for "Reject Message" saying something like From: yourdomain.com and 152.67. no FromOrTo: default yes That way only mail whose sender is user@yourdomain.com and comes from the 152.67. network is allowed through. All other mail is rejected with a nice polite message. You could better apply this ruleset is "Is High Scoring Spam" instead so that you can just drop it with a "delete" action rather than send a bounce message, which is very bad practice. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Feb 4 11:17:59 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 4 11:18:00 2006 Subject: New speed benchmark In-Reply-To: References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> Message-ID: <43E48D67.8080205@ecs.soton.ac.uk> Res wrote: > On Fri, 3 Feb 2006, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> On 3 Feb 2006, at 10:36, Res wrote: >> >>> On Thu, 2 Feb 2006, DAve wrote: >>> >>>> Julian Field wrote: >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> I forgot to add the MTA is sendmail >>>>> On 2 Feb 2006, at 14:59, Julian Field wrote: >>>>>>> Old Signed: 02/02/06 at 14:59:40 >>>>>> I have just done a speed test. >>>>>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. >>>>>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, >>>>>> clamavmodule >>>>>> MailScanner setup: default >>>>>> Speed: 770,000 messages per day >>>> >>>> What happens at 780,000 messages a day? >>>> >>> >>> and at what loads >> >> Maintained about 10 which is what I would expect. > > 10? I hope to hell its on a 15 yo 5400 rpm ide > > thats only 8 msgs a second, we easily do more than that on dual xeon 2 > gig ram with qmail and qmailscan and the load avgs constant 2-2.5 Not wanting to start a flame war, but does qmailscan do all the HTML analysis and phishing detection and all the extras you get with MailScanner? It's far from just being an av wrapper bolted to SpamAssassin. If I ran it as that, I would get far more messages per second too. I was running on a default setup, which has all features switched on. I was trying to produce a useful figure, not a marketing FUD benchmark. A load average of 10 is totally acceptable, please read up on what it actually means, it's not an indicator of CPU load. :-) However, I agree with you on the qmail support for MailScanner. There is a company that does all that, I leave them to it as I have never much liked qmail anyway ;) ;) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Feb 4 11:27:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 4 11:27:21 2006 Subject: New speed benchmark In-Reply-To: <223f97700602040217t77e23cd6k@mail.gmail.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> Message-ID: <43E48F99.6090508@ecs.soton.ac.uk> Glenn Steen wrote: > On 04/02/06, Res wrote: > >> On Sat, 4 Feb 2006, shuttlebox wrote: >> >> >>> Is that with SA or just virus checking? I find that SA with all its >>> network checks adds a lot more time than the virus scan. >>> >> With SA it loads to 4 but it gave us too many false alarms so we disabled >> it, even when we ran it we disabled most checks, the only thing it did >> was indicate spam content, we use qmail and sendmail to test RBL's etc, no >> point in accepting the full msg passing it to MS to reject/drop when we >> can reject on header only at MTA >> > > That in the greater part explains the difference in load avgs. Not > that I know exactly what network tests Jules ran in this case, but > your low figures are simply due to you not doing 1) SA, and 2) SAs BL > lookups. As mentioned, these two tend to add some "real" load and (in > the latter case) significant "unreal" load;-). > No RBLs in MailScanner, but with SpamAssassin, DCC and Razor. 1 virus scanner. No rules_du_jour but just the rules that come supplied with SpamAssassin 3.1. Basically a default install of MailScanner 4.50, i.e. everything switched on. The only things I added were SA3.1, DCC and Razor. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Feb 4 11:30:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 4 11:30:15 2006 Subject: DCC failure In-Reply-To: <43E4319E.8050301@rbrana.co.id> References: <43E4319E.8050301@rbrana.co.id> Message-ID: <43E49048.2010204@ecs.soton.ac.uk> If you didn't use my easy-installation Clam+SA package, you won't know that you need to edit a particular file. It is often found in /etc/mail/spamassassin/init.pre. You need to uncomment the DCC line. If you want to use the SURBL plugins and various useful tools like that, you will need to add some extra lines to load these plugins. My script does all this stuff for you, and tells you what to edit and what to do. :-) ius wrote: > Dear mailscanner, > > I got this error messages when do the spamassassin -D --lint -p > /etc/MailScanner/spam.assassin.prefs.conf. My DCC installed properly > and placed where it should be > > [7934] warn: config: failed to parse line, skipping: dcc_path > /usr/local/bin/dccproc > [7934] warn: config: failed to parse line, skipping: dcc_home /var/dcc > > Does anyone know what it is ? why this happening ? > > Thanks alot > ius > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew at themarshalls.co.uk Sat Feb 4 12:11:31 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Sat Feb 4 12:11:43 2006 Subject: New speed benchmark In-Reply-To: <223f97700602040217t77e23cd6k@mail.gmail.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> Message-ID: <7DAF7873-6D47-49C4-B3E1-25E9B79BD6F7@themarshalls.co.uk> On 4 Feb 2006, at 10:17, Glenn Steen wrote: > > Did someone mention postfix ....:-):-) That's fighting talk in some lists :-) (But I am biased ;-) ) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From pete at enitech.com.au Sat Feb 4 12:13:55 2006 From: pete at enitech.com.au (Pete Russell) Date: Sat Feb 4 12:14:41 2006 Subject: New speed benchmark In-Reply-To: <43E48F99.6090508@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> <43E48F99.6090508@ecs.soton.ac.uk> Message-ID: <43E49A83.8030308@enitech.com.au> What was the content of the 770k of mail? EG 60%+ of spam and viruses? Many emails with attachements, nested zip files or anything? 770k completely different emails? Just curious. Thanks Pete Julian Field wrote: > > > Glenn Steen wrote: > >> On 04/02/06, Res wrote: >> >> >>> On Sat, 4 Feb 2006, shuttlebox wrote: >>> >>> >>> >>>> Is that with SA or just virus checking? I find that SA with all its >>>> network checks adds a lot more time than the virus scan. >>>> >>> >>> With SA it loads to 4 but it gave us too many false alarms so we >>> disabled >>> it, even when we ran it we disabled most checks, the only thing it did >>> was indicate spam content, we use qmail and sendmail to test RBL's >>> etc, no >>> point in accepting the full msg passing it to MS to reject/drop when we >>> can reject on header only at MTA >>> >> >> >> That in the greater part explains the difference in load avgs. Not >> that I know exactly what network tests Jules ran in this case, but >> your low figures are simply due to you not doing 1) SA, and 2) SAs BL >> lookups. As mentioned, these two tend to add some "real" load and (in >> the latter case) significant "unreal" load;-). >> > > No RBLs in MailScanner, but with SpamAssassin, DCC and Razor. > 1 virus scanner. No rules_du_jour but just the rules that come supplied > with SpamAssassin 3.1. > Basically a default install of MailScanner 4.50, i.e. everything > switched on. The only things I added were SA3.1, DCC and Razor. > From MailScanner at ecs.soton.ac.uk Sat Feb 4 12:20:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 4 12:20:36 2006 Subject: New speed benchmark In-Reply-To: <43E49A83.8030308@enitech.com.au> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> <43E48F99.6090508@ecs.soton.ac.uk> <43E49A83.8030308@enitech.com.au> Message-ID: <43E49C13.70802@ecs.soton.ac.uk> It was just a copy of our incoming email feed for a while, so it was a totally normal spread of everything. No point testing things on fiddled or generated mail. Pete Russell wrote: > What was the content of the 770k of mail? EG 60%+ of spam and viruses? > Many emails with attachements, nested zip files or anything? > > 770k completely different emails? > > Just curious. > Thanks > Pete > > Julian Field wrote: >> >> >> Glenn Steen wrote: >> >>> On 04/02/06, Res wrote: >>> >>> >>>> On Sat, 4 Feb 2006, shuttlebox wrote: >>>> >>>> >>>>> Is that with SA or just virus checking? I find that SA with all its >>>>> network checks adds a lot more time than the virus scan. >>>>> >>>> >>>> With SA it loads to 4 but it gave us too many false alarms so we >>>> disabled >>>> it, even when we ran it we disabled most checks, the only thing it >>>> did >>>> was indicate spam content, we use qmail and sendmail to test RBL's >>>> etc, no >>>> point in accepting the full msg passing it to MS to reject/drop >>>> when we >>>> can reject on header only at MTA >>>> >>> >>> >>> That in the greater part explains the difference in load avgs. Not >>> that I know exactly what network tests Jules ran in this case, but >>> your low figures are simply due to you not doing 1) SA, and 2) SAs BL >>> lookups. As mentioned, these two tend to add some "real" load and (in >>> the latter case) significant "unreal" load;-). >>> >> >> No RBLs in MailScanner, but with SpamAssassin, DCC and Razor. >> 1 virus scanner. No rules_du_jour but just the rules that come >> supplied with SpamAssassin 3.1. >> Basically a default install of MailScanner 4.50, i.e. everything >> switched on. The only things I added were SA3.1, DCC and Razor. >> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at mango.zw Sat Feb 4 13:27:13 2006 From: mailscanner at mango.zw (Jim Holland) Date: Sat Feb 4 13:31:55 2006 Subject: OT: Win32/Mywife.E@mm In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15C2B93D@woodenex.woodmaclaw.local> Message-ID: Someone wrote: > > > Naturally as long as everything is up to date things should be ok. > > > People don't really know that a virus is going to happen before it does > > > do they? > > Only if the bug has a timer/date trigger in them. They get installed, > > then lie in wait, and BAM do nasty things later. Once detected early, > > we effectively reverse engineer the virus code, know that the virus will > > trigger in the future, thus know it's going to happen before. Once users > > update their scanning softs they can be assured the bug will be > > eradicated before they trigger. > > The media is a funny animal, they latch onto these bugs seemingly at > > random, spreading doom and gloom, when we techs know that new bugs are > > a daily occurrence, and are quickly and quietly squished by anti-virus > > community. Of course the media loves to hype these things, but I think that this was a valid case for some extra attention. Not only was the worm particularly destructive (just one single infected machine on a network could have destroyed all files in a shared folder on a file server that the machine had access to), but early copies did manage to get through the virus scanners and MailScanner itself. I have not come across that situation since the Bagle worm with its password-protected zip files. Because we log the attachments that are sent to users we were able to determine that 6 of our 2500 members had received copies of the virus in uuencoded form. One of those 6 then opened the attachment with WinZip and got infected as a result. Fortunately we were able to clean up their infection before Friday, so no damage was done. I think the media hype was a useful wakeup call to ordinary users to get them to update their antivirus software and to keep backups on separate media. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From glenn.steen at gmail.com Sat Feb 4 14:01:14 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Feb 4 14:01:18 2006 Subject: New speed benchmark In-Reply-To: <43E49C13.70802@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> <43E48F99.6090508@ecs.soton.ac.uk> <43E49A83.8030308@enitech.com.au> <43E49C13.70802@ecs.soton.ac.uk> Message-ID: <223f97700602040601o45bd5e3bi@mail.gmail.com> On 04/02/06, Julian Field wrote: > It was just a copy of our incoming email feed for a while, so it was a > totally normal spread of everything. No point testing things on fiddled > or generated mail. > In that case I'd have to say it's a truly awe-inspiring benchmark. It would be _very_ interresting to hear what a similar test with Postfix, Exim and Zmailer (and Sendmail, of course) would give (preferably on the same stream of messages... "replaying" or four identical boxes...). I've nevere seen that type of statistic thats been reliable, it'd be a treat! BTW, Jules ... Could you, pretty please, look at my post about typos in actions? Or has that area been covered extensively before? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sat Feb 4 14:56:57 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 4 14:56:57 2006 Subject: New speed benchmark In-Reply-To: <223f97700602040601o45bd5e3bi@mail.gmail.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> <43E48F99.6090508@ecs.soton.ac.uk> <43E49A83.8030308@enitech.com.au> <43E49C13.70802@ecs.soton.ac.uk> <223f97700602040601o45bd5e3bi@mail.gmail.com> Message-ID: <43E4C0B9.4030905@ecs.soton.ac.uk> Glenn Steen wrote: > BTW, Jules ... Could you, pretty please, look at my post about typos > in actions? Or has that area been covered extensively before? > A patch for Message.pm is attached. Apply the patch with cd /usr/lib/MailScanner/MailScanner gunzip Message.pm.patch.gz patch < Message.pm.patch then restart MailScanner. It logs the error message to syslog and then adds the "deliver" action to whatever you have set, just for safety so that no message is dropped because of your typo. Due to the the list of spam actions is now parsed, as it has arbitrary strings (including possibly multiple spaces) for headers, and email addresses in it, it is no longer just a list of possible words. So it cannot be caught by --lint. So it can only be detected when it is called at run-time, hence the extra safety measure of adding the "deliver" action. Let me know how you get on. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: Message.pm.patch.gz Type: application/x-gzip Size: 878 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060204/992ce3c9/Message.pm.patch.gz From w.halsall at farn-ct.ac.uk Sat Feb 4 15:11:05 2006 From: w.halsall at farn-ct.ac.uk (WILL HALSALL) Date: Sat Feb 4 15:11:34 2006 Subject: OT: but Sendmail experst please help In-Reply-To: References: Message-ID: Hi all, I had a test message from maps regarding open relays. Our sendmail will accept for deliver messages of the format but will not accept mail for deliver with format . could one of the sendmail experts please explain how to stop this? below is the telnet session Thanks WillH ehlo fcot5.farn-ct.ac.uk 220 fcot5.farn-ct.ac.uk ESMTP Sendmail 8.13.5/8.13.5; Sat, 4 Feb 2006 14:50:20 G MT 250-fcot5.farn-ct.ac.uk Hello [172.16.20.43], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-DELIVERBY 250 HELP 250 2.1.0 ... Sender ok rcpt to: 450 4.4.0 ... Relaying temporarily denied. Cannot reso lve PTR record for 172.16.20.43 rcpt to: 250 2.1.5 ... Recipient ok ********************************************************************** This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify Farnborough College of Technology. E-mail: postmaster@farn-ct.ac.uk ********************************************************************** -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From ucs_rat at shsu.edu Sat Feb 4 16:01:53 2006 From: ucs_rat at shsu.edu (Robert A. Thompson) Date: Sat Feb 4 16:01:59 2006 Subject: qf file left behind Message-ID: <1139068913.3230.113.camel@ra.thehouse.com> I searched through the list archive and found a post about mailscanner leaving qf files in the mqueue.in folder, however didn't see any response to it. Is anyone else noticing this? It is very rare under normal circumstances for us, however after adding a set of mail gateways in front of our primary mail server we decided to not virus scan or spam scan anything coming from those two servers. After adding a custom ruleset to "Spam Check =" we are able to replicate this at an extremely fast pace ( about 3 or 4 qf files a minute at least) and this is happening on all the servers in the setup. I'm willing to help troubleshoot and offer up any data needed to help with this but not sure what is needed or how to acquire it at the moment. Anyone have any thoughts? --Robert -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060204/df6b595e/attachment.html From MailScanner at ecs.soton.ac.uk Sat Feb 4 16:25:49 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 4 16:26:32 2006 Subject: New speed benchmark -- just virus scanning In-Reply-To: References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> Message-ID: <43E4D58D.4000809@ecs.soton.ac.uk> Res wrote: > On Fri, 3 Feb 2006, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> On 3 Feb 2006, at 10:36, Res wrote: >>> On Thu, 2 Feb 2006, DAve wrote: >>>> Julian Field wrote: >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> I forgot to add the MTA is sendmail >>>>> On 2 Feb 2006, at 14:59, Julian Field wrote: >>>>>>> Old Signed: 02/02/06 at 14:59:40 >>>>>> I have just done a speed test. >>>>>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. >>>>>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, >>>>>> clamavmodule >>>>>> MailScanner setup: default >>>>>> Speed: 770,000 messages per day > > 10? I hope to hell its on a 15 yo 5400 rpm ide > > thats only 8 msgs a second, we easily do more than that on dual xeon 2 > gig ram with qmail and qmailscan and the load avgs constant 2-2.5 > > looks like i wont be trying to intergrate MS with our qmail servers, > prolly a good idea since nobody has clear intructions on how to > install with qmail anyway > > Still happy to use it on our sendmail boxes tho :) As a comparison with qmailscan, I ran MailScanner with just the Virus Scanning turned on, and all the spam checks and dangerous HTML checks switched off. So just as a virus scanner it managed Hardware: dual Opteron, 4Gb RAM, SCSI disk. Software: RHEL4, MailScanner 4.50 MailScanner setup: Virus scanning only Speed: 4,700,000 messages per day = 55 messages per second Can qmailscan beat that? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Feb 4 16:28:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 4 16:28:18 2006 Subject: qf file left behind In-Reply-To: <1139068913.3230.113.camel@ra.thehouse.com> References: <1139068913.3230.113.camel@ra.thehouse.com> Message-ID: <43E4D61A.5080708@ecs.soton.ac.uk> Robert A. Thompson wrote: > I searched through the list archive and found a post about mailscanner > leaving qf files in the mqueue.in folder, however didn't see any > response to it. Is anyone else noticing this? It is very rare under > normal circumstances for us, however after adding a set of mail > gateways in front of our primary mail server we decided to not virus > scan or spam scan anything coming from those two servers. After > adding a custom ruleset to "Spam Check =" we are able to replicate > this at an extremely fast pace ( about 3 or 4 qf files a minute at > least) and this is happening on all the servers in the setup. > > I'm willing to help troubleshoot and offer up any data needed to help > with this but not sure what is needed or how to acquire it at the > moment. Anyone have any thoughts? My best guess would be the Lock Type setting. If you are on Linux running sendmail 8.12 or older, you need to set Lock Type = flock, as it will use posix by default with sendmail. This is a change to previous versions, most of my users run 8.13 on Linux so the default is set for them so it is correct for most people. But yours may be wrong. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ucs_rat at shsu.edu Sat Feb 4 16:47:17 2006 From: ucs_rat at shsu.edu (Robert A. Thompson) Date: Sat Feb 4 16:47:21 2006 Subject: qf file left behind References: <1139068913.3230.113.camel@ra.thehouse.com> <43E4D61A.5080708@ecs.soton.ac.uk> Message-ID: > My best guess would be the Lock Type setting. If you are on Linux running > sendmail 8.12 or older, you need to set Lock Type = flock, as it will use > posix by default with sendmail. This is a change to previous versions, > most of my users run 8.13 on Linux so the default is set for them so it is > correct for most people. But yours may be wrong. appears to be a good guess (Thanks Julian). I've started tweaking with the locking and so far so good. In our case, I set it to posix. We are running rhel4 with sendmail 8.13 and mailscanner 4.49 (fixing to go to 50). We hadn't set any settings on lock type, but setting to posix and restarting appears to be doing the trick. (still early though) --Robert From glenn.steen at gmail.com Sat Feb 4 16:47:39 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Feb 4 16:47:43 2006 Subject: New speed benchmark In-Reply-To: <43E4C0B9.4030905@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> <43E48F99.6090508@ecs.soton.ac.uk> <43E49A83.8030308@enitech.com.au> <43E49C13.70802@ecs.soton.ac.uk> <223f97700602040601o45bd5e3bi@mail.gmail.com> <43E4C0B9.4030905@ecs.soton.ac.uk> Message-ID: <223f97700602040847y6ecf984al@mail.gmail.com> On 04/02/06, Julian Field wrote: > Glenn Steen wrote: > > BTW, Jules ... Could you, pretty please, look at my post about typos > > in actions? Or has that area been covered extensively before? > > > A patch for Message.pm is attached. Apply the patch with > > cd /usr/lib/MailScanner/MailScanner > gunzip Message.pm.patch.gz > patch < Message.pm.patch > > then restart MailScanner. > > It logs the error message to syslog and then adds the "deliver" action > to whatever you have set, just for safety so that no message is dropped > because of your typo. > > Due to the the list of spam actions is now parsed, as it has arbitrary > strings (including possibly multiple spaces) for headers, and email > addresses in it, it is no longer just a list of possible words. So it > cannot be caught by --lint. > > So it can only be detected when it is called at run-time, hence the > extra safety measure of adding the "deliver" action. > > Let me know how you get on. > Will apply it come monday! Thanks! Thought that might be why, and ... dreaded... that would be the effect. Oh well. Checks in the logs and comparisons to the final destinations show that during the short while it was wrong, I dropped approximately 350 messages... Boy, do I feel the fool (I'll need use a brown paper bag for several weeks, I know:-). Of all those mails, 1 (one!) was asked about... So what were the rest? Mostly "crucial market data and analysis"... Not spam though, the real deal. My users get way to much mail/head to be able to read them all, not to mention miss any.. My fat fingers only saving grace:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sat Feb 4 17:03:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 4 17:03:10 2006 Subject: qf file left behind In-Reply-To: References: <1139068913.3230.113.camel@ra.thehouse.com> <43E4D61A.5080708@ecs.soton.ac.uk> Message-ID: <43E4DE4E.9050201@ecs.soton.ac.uk> Robert A. Thompson wrote: >> My best guess would be the Lock Type setting. If you are on Linux running >> sendmail 8.12 or older, you need to set Lock Type = flock, as it will use >> posix by default with sendmail. This is a change to previous versions, >> most of my users run 8.13 on Linux so the default is set for them so it is >> correct for most people. But yours may be wrong. >> > > appears to be a good guess (Thanks Julian). I've started tweaking with > the locking and so far so good. In our case, I set it to posix. We are > running rhel4 with sendmail 8.13 and mailscanner 4.49 (fixing to go to > 50). We hadn't set any settings on lock type, but setting to posix and > restarting appears to be doing the trick. (still early though) > sendmail 8.13 on Linux is the classic one that always needs to be posix. This has become the default in MailScanner 4.50. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brad at beckenhauer.com Sat Feb 4 17:48:05 2006 From: brad at beckenhauer.com (Brad Beckenhauer) Date: Sat Feb 4 17:48:16 2006 Subject: MailScanner --lint & MS 4.50-15 Message-ID: Hi Julian, Running MS 4.50-15 using the tarball install and using Postfix The system is running ok and email is processing normally. My system is more leading/bleeding edge and I get an interesting perl message when running "MailScanner --lint" that I just wanted to show to you. Since I'm more of a novice at perl, I think this is due to the more recent perl version I'm running and so I'm sending this in case it will be useful to you (or not). Anyway, here's some output for you. [root@mail bin]# ./MailScanner --lint Read 709 hostnames from the phishing whitelist Config: calling custom init function IPBlock Could not use Custom Function code MailScanner::CustomConfig::InitIPBlock, it could not be "eval"ed. Make sure the module is correct with perl -wc at /opt/MailScanner/lib/MailScanner/Config.pm line 803 Cannot write pid file , No such file or directory at ./MailScanner line 1238 MailScanner setting GID to (73) MailScanner setting UID to (73) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav bitdefender mcafee" Found these virus scanners installed: bitdefender, clamavmodule, mcafee [root@mail bin]# perl -wc /opt/MailScanner/lib/MailScanner/CustomConfig.pm Unquoted string "hostname" may clash with future reserved word at /opt/MailScanner/lib/MailScanner/CustomConfig.pm line 300. Parameterless "use IO" deprecated at /opt/MailScanner/lib/MailScanner/CustomConfig.pm line 749 "my" variable $LimitsH masks earlier declaration in same scope at /opt/MailScanner/lib/MailScanner/CustomConfig.pm line 796. Use of implicit split to @_ is deprecated at /opt/MailScanner/lib/MailScanner/CustomConfig.pm line 822. Use of implicit split to @_ is deprecated at /opt/MailScanner/lib/MailScanner/CustomConfig.pm line 838. /opt/MailScanner/lib/MailScanner/CustomConfig.pm syntax OK [root@mail bin]# perl --version This is perl, v5.8.7 built for i686-linux-thread-multi (with 1 registered patch, see perl -V for more detail) [root@mail bin]# perl -V Summary of my perl5 (revision 5 version 8 subversion 7) configuration: Platform: osname=linux, osvers=2.6.14-arch, archname=i686-linux-thread-multi uname='linux earth 2.6.14-arch #1 smp preempt sat dec 17 14:46:38 pst 2005 i686 amd athlon(tm) processor authenticamd gnulinux ' config_args='-des -Dprefix=/usr -Dinstallprefix=/usr -Dman1dir=/usr/man/man1 -Dman3dir=/usr/man/man3 -Doptimize=-march=i686 -O2 -pipe -Dusethreads' hint=recommended, useposix=true, d_sigaction=define usethreads=define use5005threads=undef useithreads=define usemultiplicity=define useperlio=define d_sfio=undef uselargefiles=define usesocks=undef use64bitint=undef use64bitall=undef uselongdouble=undef usemymalloc=n, bincompat5005=undef Compiler: cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64', optimize='-march=i686 -O2 -pipe', cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -fno-strict-aliasing -pipe -I/usr/local/include' ccversion='', gccversion='4.0.3 20051006 (prerelease)', gccosandvers='' intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12 ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=4, prototype=define Linker and Libraries: ld='cc', ldflags =' -L/usr/local/lib' libpth=/usr/local/lib /lib /usr/lib libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc libc=/lib/libc-2.3.5.so, so=so, useshrplib=false, libperl=libperl.a gnulibc_version='2.3.5' Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E' cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib' Characteristics of this binary (from libperl): Compile-time options: MULTIPLICITY USE_ITHREADS USE_LARGE_FILES PERL_IMPLICIT_CONTEXT Locally applied patches: SPRINTF0 - fixes for sprintf formatting issues - CVE-2005-3962 Built under linux Compiled at Dec 30 2005 12:13:39 @INC: /usr/lib/perl5/5.8.7/i686-linux-thread-multi /usr/lib/perl5/5.8.7 /usr/lib/perl5/site_perl/5.8.7/i686-linux-thread-multi /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.6/i686-linux-thread-multi /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5/i686-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4/i686-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3/i686-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2/i686-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1/i686-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0/i686-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl . -------------- next part -------------- Skipped content of type multipart/related From dave.list at pixelhammer.com Sat Feb 4 19:53:28 2006 From: dave.list at pixelhammer.com (DAve) Date: Sat Feb 4 19:53:48 2006 Subject: New speed benchmark -- just virus scanning In-Reply-To: <43E4D58D.4000809@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <43E4D58D.4000809@ecs.soton.ac.uk> Message-ID: <43E50638.4060601@pixelhammer.com> Julian Field wrote: > Res wrote: > >> On Fri, 3 Feb 2006, Julian Field wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> >>> On 3 Feb 2006, at 10:36, Res wrote: >>> >>>> On Thu, 2 Feb 2006, DAve wrote: >>>> >>>>> Julian Field wrote: >>>>> >>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>> I forgot to add the MTA is sendmail >>>>>> On 2 Feb 2006, at 14:59, Julian Field wrote: >>>>>> >>>>>>>> Old Signed: 02/02/06 at 14:59:40 >>>>>>> >>>>>>> I have just done a speed test. >>>>>>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. >>>>>>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, >>>>>>> clamavmodule >>>>>>> MailScanner setup: default >>>>>>> Speed: 770,000 messages per day >> >> >> 10? I hope to hell its on a 15 yo 5400 rpm ide >> >> thats only 8 msgs a second, we easily do more than that on dual xeon 2 >> gig ram with qmail and qmailscan and the load avgs constant 2-2.5 >> >> looks like i wont be trying to intergrate MS with our qmail servers, >> prolly a good idea since nobody has clear intructions on how to >> install with qmail anyway >> >> Still happy to use it on our sendmail boxes tho :) > > As a comparison with qmailscan, I ran MailScanner with just the Virus > Scanning turned on, and all the spam checks and dangerous HTML checks > switched off. > So just as a virus scanner it managed > > Hardware: dual Opteron, 4Gb RAM, SCSI disk. > Software: RHEL4, MailScanner 4.50 > MailScanner setup: Virus scanning only > Speed: 4,700,000 messages per day > = 55 messages per second > > Can qmailscan beat that? > We run qmail on all our servers except the gateways, which run MS and Sendmail, ClamAV/Bitdefender. Each gateway is a PIII with 1gb ram and SATA raid 0. We currently process 40k messages a day on each gateway(rejecting 70k+ with rbl), and load is minimal, the servers are bored. I use SA only on domains we "scrub" and pass on to the clients exchange server. We have several qmail toasters behind the gateways running SA with per user prefs for all the accounts we host. I do not believe any qmail solution such as qmailscan could keep up. Possibly qmail could keep up if you ran simscan, which is written in C. My experience testing solutions, was that any qmailqueue replacement written in Perl was nice for a business install, but unacceptable for an ISP install with large traffic levels. This is not a flame, I love qmail (once I got my mind wrapped around it) and I've run sendmail/postfix/exim. Each has advantages. The bottleneck is the replacement of qmailqueue with Perl. IMO. We looked at OpenProtect (?) but did not test it, only because we wanted Julians support and Julian didn't write it. If MailScanner someday supported qmail, we would switch from Sendmail. It seems to me the only difference is the queue and message structures. The rest of MS would not be affected? Just my 2 cents. DAve From res at ausics.net Sat Feb 4 22:21:13 2006 From: res at ausics.net (Res) Date: Sat Feb 4 22:21:23 2006 Subject: New speed benchmark In-Reply-To: <223f97700602040217t77e23cd6k@mail.gmail.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> Message-ID: On Sat, 4 Feb 2006, Glenn Steen wrote: > That in the greater part explains the difference in load avgs. Not > that I know exactly what network tests Jules ran in this case, but > your low figures are simply due to you not doing 1) SA, and 2) SAs BL > lookups. As mentioned, these two tend to add some "real" load and (in > the latter case) significant "unreal" load;-). > Yes, but read what I said, in duplicate circumstances avg was 4 against 10 :) the 1-2 is without it. >> But qmailscan has a bad habbit of not being able to handle alot of stuff >> gracefully, which is why I was after a clear cut guide on how to install >> MS on a qmail system, because until the sendmail consortium can produce a >> copy of sendmail that works identical to qmail in relation to like with >> vpopmail for virtuals there is no beating that combination, be it for >> visp's or hosting. > > Did someone mention postfix ....:-):-) looked at it a few years back, decided no and dont intend to, also had enuf of the wietse patsies trying to thrash it down everybodys throats on other lists, its akin to spamming :) especially those that argue vigorously its better than sendmail, when they have never used sendmail At least I benchtext MTA's before discounting them, and I found when configured right sendmail even beats qmail at speed for delivery and both leave postfix in their wake, but now we are way off topic :) -- Cheers Res From res at ausics.net Sat Feb 4 22:29:58 2006 From: res at ausics.net (Res) Date: Sat Feb 4 22:30:05 2006 Subject: New speed benchmark In-Reply-To: <43E48D67.8080205@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <43E48D67.8080205@ecs.soton.ac.uk> Message-ID: On Sat, 4 Feb 2006, Julian Field wrote: > Not wanting to start a flame war, but does qmailscan do all the HTML analysis > and phishing detection and all the extras you get with MailScanner? It's far no, its one of the reasons I want to get MS to work with it its a dream on our sendmail servers, buty they are special use for large single domains and the loads pretty low > However, I agree with you on the qmail support for MailScanner. There is a > company that does all that, I leave them to it as I have never much liked > qmail anyway ;) ;) Yep, I still prefere sendmail, but sadly like I said for virtuals you cna not beat the qmail/vpopmail combo, trust me the day sendmail creates an option that basically allows mkdir /var/spool/mail/test.com echo "test.com /var/spool/mail/test.com" >> /etc/mail/virtualdomaindir make -C /etc/mail and we get somthing like vpopmail to work with it, qmail will start have a very fast extinction rate :) -- Cheers Res From res at ausics.net Sat Feb 4 22:38:08 2006 From: res at ausics.net (Res) Date: Sat Feb 4 22:38:15 2006 Subject: New speed benchmark -- just virus scanning In-Reply-To: <43E4D58D.4000809@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <43E4D58D.4000809@ecs.soton.ac.uk> Message-ID: On Sat, 4 Feb 2006, Julian Field wrote: > Res wrote: >> On Fri, 3 Feb 2006, Julian Field wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> >>> On 3 Feb 2006, at 10:36, Res wrote: >>>> On Thu, 2 Feb 2006, DAve wrote: >>>>> Julian Field wrote: >>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>> I forgot to add the MTA is sendmail >>>>>> On 2 Feb 2006, at 14:59, Julian Field wrote: >>>>>>>> Old Signed: 02/02/06 at 14:59:40 >>>>>>> I have just done a speed test. >>>>>>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. >>>>>>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, >>>>>>> clamavmodule >>>>>>> MailScanner setup: default >>>>>>> Speed: 770,000 messages per day >> >> 10? I hope to hell its on a 15 yo 5400 rpm ide >> >> thats only 8 msgs a second, we easily do more than that on dual xeon 2 gig >> ram with qmail and qmailscan and the load avgs constant 2-2.5 >> >> looks like i wont be trying to intergrate MS with our qmail servers, prolly >> a good idea since nobody has clear intructions on how to install with qmail >> anyway >> >> Still happy to use it on our sendmail boxes tho :) > As a comparison with qmailscan, I ran MailScanner with just the Virus > Scanning turned on, and all the spam checks and dangerous HTML checks > switched off. > So just as a virus scanner it managed > > Hardware: dual Opteron, 4Gb RAM, SCSI disk. > Software: RHEL4, MailScanner 4.50 > MailScanner setup: Virus scanning only > Speed: 4,700,000 messages per day > = 55 messages per second > > Can qmailscan beat that? maybe witha high load, i never said i like qmailscan, it hate the #@%#@ thing :) when dealing with some tnef stuff it leaves the extracted dirs and can hang that child we are probably doing about 20 msgs a second for those figures I gave. which Operton ? tho I do detest AMD :P prolly cause in early days they were shit and used to fail often, never had an intel die yet > > -- Cheers Res From john at jolet.net Sun Feb 5 03:06:50 2006 From: john at jolet.net (John Jolet) Date: Sun Feb 5 03:06:48 2006 Subject: permissions problem on startup Message-ID: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> I'm having a problem that I saw in the archives someone else having, but I couldn't find a solution. Running on gentoo with postfix. If I set the Run As user to postfix, I get: Cannot open config file /opt/ MailScanner/etc/MailScanner.conf, Permission denied at /opt/ MailScanner/lib/MailScanner/Config.pm line 597. now, that poster said he made it work by giving postfix user a shell, but that doesn't seem to work for me. if I start it as root, it works, but then postfix would need to run as root. postfix:postfix owns MailScanner.conf, and it can be read by postfix.... the mailscanner program opens it like 10 times, then switches uid and gid to postfix, and then can't open it. or says it can't. what's going on here? From shuttlebox at gmail.com Sun Feb 5 10:20:17 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Sun Feb 5 10:20:21 2006 Subject: sendmail greet_pause feature In-Reply-To: <43E42DE0.7010401@nkpanama.com> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <43E42DE0.7010401@nkpanama.com> Message-ID: <625385e30602050220r2ca97e13te036b7584f36951e@mail.gmail.com> On 2/4/06, Alex Neuman van der Hans wrote: > > Is there any way to run a check during install or upgrade to make sure, > and then set it (or give a warning)? Maybe it could get incorporated into > the next release. > It has already been in a previous release. It was based on Sendmail debug output and caused a lot of problems so Julian removed it. Nobody has posted a reliable way to detect it yet. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060205/bfd58639/attachment.html From MailScanner at ecs.soton.ac.uk Sun Feb 5 12:59:36 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Feb 5 12:59:38 2006 Subject: New speed benchmark -- just virus scanning In-Reply-To: <43E50638.4060601@pixelhammer.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <43E4D58D.4000809@ecs.soton.ac.uk> <43E50638.4060601@pixelhammer.com> Message-ID: <43E5F6B8.1080603@ecs.soton.ac.uk> DAve wrote: > We looked at OpenProtect (?) but did not test it, only because we > wanted Julians support and Julian didn't write it. If MailScanner > someday supported qmail, we would switch from Sendmail. It seems to me > the only difference is the queue and message structures. The rest of > MS would not be affected? I'm sorry but I have no intention of supporting qmail in MailScanner. Nothing personal :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Feb 5 13:02:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Feb 5 13:02:59 2006 Subject: permissions problem on startup In-Reply-To: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> References: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> Message-ID: <43E5F782.7020005@ecs.soton.ac.uk> John Jolet wrote: > I'm having a problem that I saw in the archives someone else having, > but I couldn't find a solution. Running on gentoo with postfix. If I > set the Run As user to postfix, I get: Cannot open config file > /opt/MailScanner/etc/MailScanner.conf, Permission denied at > /opt/MailScanner/lib/MailScanner/Config.pm line 597. If this is not a permissions problem on the file, then it is a problem with the perms of the dir or one of its parents. Don't forget that the postfix user has to be to navigate down to the file, as well as just read the file. Ensure you have r-x on the directories. > > now, that poster said he made it work by giving postfix user a shell, > but that doesn't seem to work for me. if I start it as root, it > works, but then postfix would need to run as root. postfix:postfix > owns MailScanner.conf, and it can be read by postfix.... the > mailscanner program opens it like 10 times, then switches uid and gid > to postfix, and then can't open it. or says it can't. what's going > on here? > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at erus.co.uk Sun Feb 5 13:25:25 2006 From: alex at erus.co.uk (Alex Pimperton) Date: Sun Feb 5 13:22:34 2006 Subject: How do I whitelist mail from internal processes? Message-ID: <43E5FCC5.3090007@erus.co.uk> Hi All I run MailScanner on a Debian box that also has LogWatch installed, and recently emails from LogWatch are being tagged as High Scoring Spam because the LogWatch report contains IP addresses that trip the SUBRL rules in SpamAssassin. I went to whitelist 127.0.0.1/my external IP but after checking the headers I realised there's no IP address I can whitelist as the headers are misssing the "Received: from" part. My headers look like: Delivered-To: root@erus.co.uk Received: by mail.erus.co.uk (Postfix, from userid 0) id CB681581D5; Sun, 5 Feb 2006 00:31:25 +0000 (GMT) To: root@erus.co.uk How can I whitelist email that comes from internal processes (LogWatch,Cron etc) without having to whitelist all email that arrives for root? Regards, Alex -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. From john at jolet.net Sun Feb 5 13:27:45 2006 From: john at jolet.net (John Jolet) Date: Sun Feb 5 13:27:43 2006 Subject: permissions problem on startup In-Reply-To: <43E5F782.7020005@ecs.soton.ac.uk> References: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> <43E5F782.7020005@ecs.soton.ac.uk> Message-ID: On Feb 5, 2006, at 7:02 AM, Julian Field wrote: > John Jolet wrote: >> I'm having a problem that I saw in the archives someone else >> having, but I couldn't find a solution. Running on gentoo with >> postfix. If I set the Run As user to postfix, I get: Cannot open >> config file /opt/MailScanner/etc/MailScanner.conf, Permission >> denied at /opt/MailScanner/lib/MailScanner/Config.pm line 597. > If this is not a permissions problem on the file, then it is a > problem with the perms of the dir or one of its parents. Don't > forget that the postfix user has to be to navigate down to the > file, as well as just read the file. Ensure you have r-x on the > directories. >> yeah, I thought of that. If I give postfix a shell, su - postfix I can view the file just fine. It appeared to me when I looked at that module that it was mostly concerned with ldap servers. was I incorrect? I don't have any, and that portion of the config file is commented out. just grasping at straws at this point. From MailScanner at ecs.soton.ac.uk Sun Feb 5 13:33:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Feb 5 13:33:27 2006 Subject: How do I whitelist mail from internal processes? In-Reply-To: <43E5FCC5.3090007@erus.co.uk> References: <43E5FCC5.3090007@erus.co.uk> Message-ID: <43E5FEA8.8020304@ecs.soton.ac.uk> Alex Pimperton wrote: > I went to whitelist 127.0.0.1/my external IP but after checking the > headers I realised there's no IP address I can whitelist as the headers > are misssing the "Received: from" part. > > My headers look like: > > Delivered-To: root@erus.co.uk > Received: by mail.erus.co.uk (Postfix, from userid 0) > id CB681581D5; Sun, 5 Feb 2006 00:31:25 +0000 (GMT) > To: root@erus.co.uk > > How can I whitelist email that comes from internal processes > (LogWatch,Cron etc) without having to whitelist all email that arrives > for root? > Don't worry, MailScanner doesn't use the headers, it gets the IP from the envelope, and puts in 127.0.0.1 if there isn't one. So if the MTA is invoked locally, the ip address will be 127.0.0.1. MailScanner will take pretty much any form of netword address you can come up with, so From: 127.0.0.1 no FromOrTo: default yes should work just fine. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Feb 5 13:35:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Feb 5 13:35:52 2006 Subject: permissions problem on startup In-Reply-To: References: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> <43E5F782.7020005@ecs.soton.ac.uk> Message-ID: <43E5FF39.10909@ecs.soton.ac.uk> John Jolet wrote: > > On Feb 5, 2006, at 7:02 AM, Julian Field wrote: > >> John Jolet wrote: >>> I'm having a problem that I saw in the archives someone else having, >>> but I couldn't find a solution. Running on gentoo with postfix. If >>> I set the Run As user to postfix, I get: Cannot open config file >>> /opt/MailScanner/etc/MailScanner.conf, Permission denied at >>> /opt/MailScanner/lib/MailScanner/Config.pm line 597. >> If this is not a permissions problem on the file, then it is a >> problem with the perms of the dir or one of its parents. Don't forget >> that the postfix user has to be to navigate down to the file, as well >> as just read the file. Ensure you have r-x on the directories. >>> > yeah, I thought of that. If I give postfix a shell, su - postfix I > can view the file just fine. It appeared to me when I looked at that > module that it was mostly concerned with ldap servers. was I > incorrect? I don't have any, and that portion of the config file is > commented out. just grasping at straws at this point. I would not advise you try to work out how the configuration compiler works, it's pretty complex. :-) If you do su - postfix then cd / then cd down each dir to the file's location, does that all work at every step? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From john at jolet.net Sun Feb 5 14:27:11 2006 From: john at jolet.net (John Jolet) Date: Sun Feb 5 14:27:28 2006 Subject: permissions problem on startup In-Reply-To: <43E5FF39.10909@ecs.soton.ac.uk> References: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> <43E5F782.7020005@ecs.soton.ac.uk> <43E5FF39.10909@ecs.soton.ac.uk> Message-ID: <84B37A2A-C8BA-4F1B-979C-A116E51156B6@jolet.net> >> yeah, I thought of that. If I give postfix a shell, su - postfix >> I can view the file just fine. It appeared to me when I looked at >> that module that it was mostly concerned with ldap servers. was I >> incorrect? I don't have any, and that portion of the config file >> is commented out. just grasping at straws at this point. > > I would not advise you try to work out how the configuration > compiler works, it's pretty complex. :-) > > If you do su - postfix then cd / then cd down each dir to the > file's location, does that all work at every step? yes, it does. That gave me an idea, however. su - postfix from root, THEN run check_mailscanner, and it works. so I can start it as postfix if i'm postfix. I guess I can handle that.....but it's still odd. From glenn.steen at gmail.com Sun Feb 5 16:02:58 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 5 16:03:02 2006 Subject: New speed benchmark In-Reply-To: References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> Message-ID: <223f97700602050802w7a1908c4l@mail.gmail.com> On 04/02/06, Res wrote: > On Sat, 4 Feb 2006, Glenn Steen wrote: > > > That in the greater part explains the difference in load avgs. Not > > that I know exactly what network tests Jules ran in this case, but > > your low figures are simply due to you not doing 1) SA, and 2) SAs BL > > lookups. As mentioned, these two tend to add some "real" load and (in > > the latter case) significant "unreal" load;-). > > > > Yes, but read what I said, in duplicate circumstances avg was 4 against > 10 :) the 1-2 is without it. Ok... I thought you said that when you ran it with SA, you had most/all DNS related stuff disabled, and that it was then at approximately 4 LA.... Obviously I read you wrong. (One could argue that load averages are not the best performance measurements there is, but lets not walk that way:-) > > >> But qmailscan has a bad habbit of not being able to handle alot of stuff > >> gracefully, which is why I was after a clear cut guide on how to install > >> MS on a qmail system, because until the sendmail consortium can produce a > >> copy of sendmail that works identical to qmail in relation to like with > >> vpopmail for virtuals there is no beating that combination, be it for > >> visp's or hosting. > > > > Did someone mention postfix ....:-):-) > > looked at it a few years back, decided no and dont intend to, also had > enuf of the wietse patsies trying to thrash it down everybodys throats on > other lists, its akin to spamming :) Fair enough. Note the smileys... I'm certain that most people on this list are beyond newbie status, and the comment was more of a joke than anything. Obviously a poor one at that. > especially those that argue vigorously its better than sendmail, when they > have never used sendmail :-) I got fed up with Sendmail about ... Oh, 8 years ago. I still use it, if it happens to be on any particular system, in house... But not for "front side" use. Qmail and Postfix share several traits (security "by design" foremost among them), and when I looked at what to use instead of Sendmail (a couple of years later, or so, when we decided to retire the badly working boxed solution some fool^H^H^Hine PHB had bought), it was a very close race between those two. At the time I disliked the ... "political" nature of Qmail a bit, so went with Postfix... Just to discover that Mr Venema is indeed as opinionated and "political". Sigh. But the MTA is still a very nice piece of SW, so .. I'll stick with it:-). > At least I benchtext MTA's before discounting them, and I found when > configured right sendmail even beats qmail at speed for delivery and both > leave postfix in their wake, but now we are way off topic :) That's why I'd like for someone with the knowhow, resources and "big load" to do such a comparison... I'd do it myself, but I simply lack the influx (and to a certain extent diversity) of mails to do such a test justice. I'm still holding out hope that Jules will be bored enough one day to do it:-). And from the above, one can infer that speed of processing/delivery isn't a factor on my systems, so it'd be for purely ... technology/statistical pleasure (on my part, at least:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dnsadmin at 1bigthink.com Sun Feb 5 16:55:06 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Sun Feb 5 16:55:17 2006 Subject: This list rules!!! Successful upgrade from 4.43 to 4.50 with no glitches! Message-ID: <6.2.3.4.0.20060205114353.089f86c8@mxt.1bigthink.com> Hello All, I just wanted to report a success story instead of the usual problems. I upgraded overnight beginning at 00:10 +5GMT last night and was complete and satisfied everything was going well enough to sleep well by 1:03 +5GMT. Thanks Julian! Docs were certainly clear enough! Thank you ALL for preparing me for the pitfalls! Whitebox Linux 3.x (updated RPMs) = RHES 3.x (up to date RPMs) MailScanner 4.43 upgrade to 4.50 SpamAssassin-3.03+ClamAV0.88 upgrade to SpamAssassin 3.10+ClamAV0.88 Mailwatch 0.51 (want to upgrade soon) Cheers! Glenn From MailScanner at ecs.soton.ac.uk Sun Feb 5 17:18:18 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Feb 5 17:18:18 2006 Subject: This list rules!!! Successful upgrade from 4.43 to 4.50 with no glitches! In-Reply-To: <6.2.3.4.0.20060205114353.089f86c8@mxt.1bigthink.com> References: <6.2.3.4.0.20060205114353.089f86c8@mxt.1bigthink.com> Message-ID: <43E6335A.9050908@ecs.soton.ac.uk> You're welcome! dnsadmin 1bigthink.com wrote: > Hello All, > > I just wanted to report a success story instead of the usual problems. > I upgraded overnight beginning at 00:10 +5GMT last night and was > complete and satisfied everything was going well enough to sleep well > by 1:03 +5GMT. > > Thanks Julian! Docs were certainly clear enough! Thank you ALL for > preparing me for the pitfalls! > > Whitebox Linux 3.x (updated RPMs) = RHES 3.x (up to date RPMs) > MailScanner 4.43 upgrade to 4.50 > SpamAssassin-3.03+ClamAV0.88 upgrade to SpamAssassin 3.10+ClamAV0.88 > Mailwatch 0.51 (want to upgrade soon) > > Cheers! > Glenn > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gdoris at rogers.com Sun Feb 5 19:24:18 2006 From: gdoris at rogers.com (Gerry Doris) Date: Sun Feb 5 19:24:43 2006 Subject: MailScanner lint errors? Message-ID: <43E650E2.7050805@rogers.com> I've started seeing errors after running MailScanner --lint which I haven't seen before. I was running 4.50.10 and decided to upgrade to 4.50.15 today. Everything went well and MailScanner is working properly. I see no errors in any of the logs. Mail is being accepted and delivered. MailScanner -v runs without errors but when I run MailScanner --lint I get the following: [root@tiger MailScanner]# MailScanner --lint Read 701 hostnames from the phishing whitelist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Cannot write pid file , No such file or directory at /usr/sbin/MailScanner line 1238 Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamavmodule f-prot trend bitdefender" Use of uninitialized value in split at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2879. Use of uninitialized value in concatenation (.) or string at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. Use of uninitialized value in concatenation (.) or string at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. Can't exec "-IsItInstalled": No such file or directory at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2882. ...snip the above is repeated 5 more times ...snip Found these virus scanners installed: bitdefender, f-prot, clamavmodule, trend From MailScanner at ecs.soton.ac.uk Sun Feb 5 19:44:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Feb 5 19:44:04 2006 Subject: MailScanner lint errors? In-Reply-To: <43E650E2.7050805@rogers.com> References: <43E650E2.7050805@rogers.com> Message-ID: <43E65582.6040709@ecs.soton.ac.uk> I strongly suspect that none are relevant, apart from the Cannot write pid file error. Check this is set to something in your MailScanner.conf file. Gerry Doris wrote: > I've started seeing errors after running MailScanner --lint which I > haven't seen before. > > I was running 4.50.10 and decided to upgrade to 4.50.15 today. > Everything went well and MailScanner is working properly. I see no > errors in any of the logs. Mail is being accepted and delivered. > > MailScanner -v runs without errors but when I run MailScanner --lint I > get the following: > > [root@tiger MailScanner]# MailScanner --lint > Read 701 hostnames from the phishing whitelist > Config: calling custom init function SQLBlacklist > Config: calling custom init function MailWatchLogging > Config: calling custom init function SQLWhitelist > Cannot write pid file , No such file or directory at > /usr/sbin/MailScanner line 1238 > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > MailScanner.conf says "Virus Scanners = clamavmodule f-prot trend > bitdefender" > > Use of uninitialized value in split at > /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2879. > Use of uninitialized value in concatenation (.) or string at > /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. > Use of uninitialized value in concatenation (.) or string at > /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. > Can't exec "-IsItInstalled": No such file or directory at > /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2882. > ...snip > the above is repeated 5 more times > ...snip > > Found these virus scanners installed: bitdefender, f-prot, > clamavmodule, trend -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gdoris at rogers.com Sun Feb 5 20:12:21 2006 From: gdoris at rogers.com (Gerry Doris) Date: Sun Feb 5 20:12:46 2006 Subject: MailScanner lint errors? In-Reply-To: <43E65582.6040709@ecs.soton.ac.uk> References: <43E650E2.7050805@rogers.com> <43E65582.6040709@ecs.soton.ac.uk> Message-ID: <43E65C25.7000809@rogers.com> Julian Field wrote: > I strongly suspect that none are relevant, apart from the Cannot write > pid file error. Check this is set to something in your MailScanner.conf > file. I checked MailScanner.conf and the MailScanner PID is set to /var/run/MailScanner.pid The file is really there and is being used. Like I said, there are no errors in any logs and mail is being sent and received. It was working but I can't remember the last time I tried it. I'm using the latest MailWatch. Would that be confusing the MailScanner lint operation? > > Gerry Doris wrote: > >> I've started seeing errors after running MailScanner --lint which I >> haven't seen before. >> >> I was running 4.50.10 and decided to upgrade to 4.50.15 today. >> Everything went well and MailScanner is working properly. I see no >> errors in any of the logs. Mail is being accepted and delivered. >> >> MailScanner -v runs without errors but when I run MailScanner --lint I >> get the following: >> >> [root@tiger MailScanner]# MailScanner --lint >> Read 701 hostnames from the phishing whitelist >> Config: calling custom init function SQLBlacklist >> Config: calling custom init function MailWatchLogging >> Config: calling custom init function SQLWhitelist >> Cannot write pid file , No such file or directory at >> /usr/sbin/MailScanner line 1238 >> Checking for SpamAssassin errors (if you use it)... >> Using SpamAssassin results cache >> Connected to SpamAssassin cache database >> SpamAssassin reported no errors. >> >> MailScanner.conf says "Virus Scanners = clamavmodule f-prot trend >> bitdefender" >> >> Use of uninitialized value in split at >> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2879. >> Use of uninitialized value in concatenation (.) or string at >> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >> Use of uninitialized value in concatenation (.) or string at >> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >> Can't exec "-IsItInstalled": No such file or directory at >> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2882. >> ...snip >> the above is repeated 5 more times >> ...snip >> >> Found these virus scanners installed: bitdefender, f-prot, >> clamavmodule, trend > > From mailscanner at PDSCC.COM Sun Feb 5 20:55:53 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Sun Feb 5 20:56:06 2006 Subject: errors when running mailwatch php/mysql Message-ID: <200602090821.AAA21504@sheridan.sibble.net> I've just spent the last few hours setting up mailwatch on a freshly built centos 4.2 mail relay. Mailscanner is working fine with postfix. I followed the instructions here: http://mailwatch.sourceforge.net/doku.php?id=mailwatch:documentation:install Once I finished the setup, I restarted the mysql, http and mailscanner daemons. I then attempt to go to http://ip.address.of.mailrelay/mailscanner (also tried ttp://ip.address.of.mailrelay/mailscanner/index.php with same results) and get nothing but a blank webpage. From the /var/log/httpd/error_log: [client xxx.xxx.xxx.xxx] PHP Fatal error: Call to undefined function: mysql_escape_string() in /var/www/html/mailscanner/functions.php on line 528 line 528 says $value = "'".mysql_escape_string($value)."'"; I've been googling, but havent found anything to get this to work. I've not used php before.... Relevant rpm versions: mailscanner-4.49.7-1 postfix-2.1.5-4.2.RHEL4 php-pear-4.3.9-3.9 php-4.3.9-3.9 php-gd-4.3.9-3.9 mysql-devel-4.1.12-3.RHEL4.1 mysql-server-4.1.12-3.RHEL4.1 mysql-4.1.12-3.RHEL4.1 spamassassin-3.0.4-1.el4 -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From richard.siddall at elirion.net Sun Feb 5 21:13:55 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Sun Feb 5 21:14:17 2006 Subject: New speed benchmark -- just virus scanning In-Reply-To: <43E5F6B8.1080603@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <43E4D58D.4000809@ecs.soton.ac.uk> <43E50638.4060601@pixelhammer.com> <43E5F6B8.1080603@ecs.soton.ac.uk> Message-ID: <43E66A93.5060500@elirion.net> Julian Field wrote: > > I'm sorry but I have no intention of supporting qmail in MailScanner. > Nothing personal :-) > Could I ask why? (Several reasons spring to mind, such as: 1/ OpenProtect already does a good job. 2/ Julian likes qmail less than Postfix. 3/ Julian's overworked and doesn't want to take on another MTA 4/ There's no way of adding another MTA to Julian's test setup 5/ qmail's even less compatible with the dual-queue approach than Postfix. 6/ Julian relies on other people to handle extra MTA's and nobody volunteered to handle qmail. and so on.) Unfortunately, it looks like we'll be replacing our sendmail boxes with ones running qmail. I'm looking at qpsmtpd to replace the qmail front-end. Regards, Richard Siddall From smf at f2s.com Sun Feb 5 21:17:03 2006 From: smf at f2s.com (Steve Freegard) Date: Sun Feb 5 21:15:10 2006 Subject: errors when running mailwatch php/mysql In-Reply-To: <200602090821.AAA21504@sheridan.sibble.net> References: <200602090821.AAA21504@sheridan.sibble.net> Message-ID: <1139174223.16590.34.camel@localhost.localdomain> Hi Harondel, On Sun, 2006-02-05 at 12:55 -0800, Harondel J. Sibble wrote: > I've just spent the last few hours setting up mailwatch on a freshly built > centos 4.2 mail relay. Mailscanner is working fine with postfix. > > [client xxx.xxx.xxx.xxx] PHP Fatal error: Call to undefined function: > mysql_escape_string() in /var/www/html/mailscanner/functions.php on line 528 You don't have the MySQL PHP module installed - if you run php -m | grep -i mysql It won't return anything - run 'yum install php-mysql' and it should start working. Kind regards, Steve. P.S. Please don't post MailWatch questions on the MailScanner list - use the MailWatch list instead: http://lists.sourceforge.net/mailman/listinfo/mailwatch-users From MailScanner at ecs.soton.ac.uk Sun Feb 5 21:22:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Feb 5 21:22:58 2006 Subject: New speed benchmark -- just virus scanning In-Reply-To: <43E66A93.5060500@elirion.net> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <43E4D58D.4000809@ecs.soton.ac.uk> <43E50638.4060601@pixelhammer.com> <43E5F6B8.1080603@ecs.soton.ac.uk> <43E66A93.5060500@elirion.net> Message-ID: <43E66CB2.1010306@ecs.soton.ac.uk> Richard Siddall wrote: > Julian Field wrote: > >> I'm sorry but I have no intention of supporting qmail in MailScanner. >> Nothing personal :-) >> >> > > Could I ask why? (Several reasons spring to mind, such as: > 1/ OpenProtect already does a good job. > 2/ Julian likes qmail less than Postfix. > 3/ Julian's overworked and doesn't want to take on another MTA > 4/ There's no way of adding another MTA to Julian's test setup > 5/ qmail's even less compatible with the dual-queue approach than Postfix. > 6/ Julian relies on other people to handle extra MTA's and nobody > volunteered to handle qmail. > and so on.) > That just about covers the bases :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From matt at coders.co.uk Sun Feb 5 21:31:57 2006 From: matt at coders.co.uk (Matt Hampton) Date: Sun Feb 5 21:31:59 2006 Subject: errors when running mailwatch php/mysql In-Reply-To: <200602090821.AAA21504@sheridan.sibble.net> References: <200602090821.AAA21504@sheridan.sibble.net> Message-ID: <43E66ECD.7030500@coders.co.uk> Harondel J. Sibble wrote: > [client xxx.xxx.xxx.xxx] PHP Fatal error: Call to undefined function: > mysql_escape_string() in /var/www/html/mailscanner/functions.php on line 528 Thats because you haven't installed the php-mysql RPMS > > Relevant rpm versions: > > mailscanner-4.49.7-1 > postfix-2.1.5-4.2.RHEL4 > php-pear-4.3.9-3.9 > php-4.3.9-3.9 > php-gd-4.3.9-3.9 > mysql-devel-4.1.12-3.RHEL4.1 > mysql-server-4.1.12-3.RHEL4.1 > mysql-4.1.12-3.RHEL4.1 > spamassassin-3.0.4-1.el4 yum install php-mysql and service httpd restart should fix it. Matt From matt at coders.co.uk Sun Feb 5 21:33:32 2006 From: matt at coders.co.uk (Matt Hampton) Date: Sun Feb 5 21:33:34 2006 Subject: errors when running mailwatch php/mysql In-Reply-To: <200602090821.AAA21504@sheridan.sibble.net> References: <200602090821.AAA21504@sheridan.sibble.net> Message-ID: <43E66F2C.9050908@coders.co.uk> Harondel J. Sibble wrote: > I've just spent the last few hours setting up mailwatch on a freshly built > centos 4.2 mail relay. Mailscanner is working fine with postfix. > Also - this should really have been on the mailwatch list - not the mailscanner one. Only noticed after I hit send on the previous email...... ;-) matt From mailscanner at PDSCC.COM Sun Feb 5 21:48:21 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Sun Feb 5 21:48:55 2006 Subject: errors when running mailwatch php/mysql In-Reply-To: <1139174223.16590.34.camel@localhost.localdomain> References: <200602090821.AAA21504@sheridan.sibble.net> Message-ID: <200602090913.BAA21775@sheridan.sibble.net> On 5 Feb 2006 at 21:17, Steve Freegard wrote: > You don't have the MySQL PHP module installed - if you run Thanks. that fixed it. > P.S. Please don't post MailWatch questions on the MailScanner list - > use the MailWatch list instead: Signing up now. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From ucs_rat at shsu.edu Sun Feb 5 23:39:45 2006 From: ucs_rat at shsu.edu (Robert A. Thompson) Date: Sun Feb 5 23:40:32 2006 Subject: hold mail Message-ID: <1139182785.20001.29.camel@ra.thehouse.com> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: smiley-3.png Type: image/png Size: 819 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060205/8470c672/smiley-3.png From alex at nkpanama.com Sun Feb 5 23:44:06 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Feb 5 23:44:16 2006 Subject: sendmail greet_pause feature In-Reply-To: <625385e30602050220r2ca97e13te036b7584f36951e@mail.gmail.com> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <43E42DE0.7010401@nkpanama.com> <625385e30602050220r2ca97e13te036b7584f36951e@mail.gmail.com> Message-ID: <43E68DC6.7030803@nkpanama.com> What would be a reliable way to do it? IANAP, but there *should* be some form of a test that could be done using the actual sendmail executable, or some other testable function, right? What's involved? Maybe I can offer "the idiot suggestion" - you know, when every possible logical way of doing something has been tried, but then a complete idiot comes along and says something so illogical, so crazy, that it "just might work"... It *has* happened to me before, and it's taught me to always at least *consider* "idiot suggestions". shuttlebox wrote: > On 2/4/06, *Alex Neuman van der Hans* > wrote: > > Is there any way to run a check during install or upgrade to make > sure, and then set it (or give a warning)? Maybe it could get > incorporated into the next release. > > > It has already been in a previous release. It was based on Sendmail > debug output and caused a lot of problems so Julian removed it. Nobody > has posted a reliable way to detect it yet. > > -- > /peter -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060205/f4d02267/attachment.html From naolson at gmail.com Mon Feb 6 04:12:38 2006 From: naolson at gmail.com (Nathan Olson) Date: Mon Feb 6 04:12:43 2006 Subject: hold mail In-Reply-To: <1139182785.20001.29.camel@ra.thehouse.com> References: <1139182785.20001.29.camel@ra.thehouse.com> Message-ID: <8f54b4330602052012n4d32a964u1fa192d6a34e22f2@mail.gmail.com> Set sendmail to queue only and don't start any queue runners. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060205/8469bc4e/attachment.html From dave.list at pixelhammer.com Mon Feb 6 05:18:58 2006 From: dave.list at pixelhammer.com (DAve) Date: Mon Feb 6 05:19:30 2006 Subject: New speed benchmark -- just virus scanning In-Reply-To: <43E66A93.5060500@elirion.net> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <43E4D58D.4000809@ecs.soton.ac.uk> <43E50638.4060601@pixelhammer.com> <43E5F6B8.1080603@ecs.soton.ac.uk> <43E66A93.5060500@elirion.net> Message-ID: <43E6DC42.2030107@pixelhammer.com> Richard Siddall wrote: > Julian Field wrote: > >>I'm sorry but I have no intention of supporting qmail in MailScanner. >>Nothing personal :-) >> > > > Could I ask why? (Several reasons spring to mind, such as: > 1/ OpenProtect already does a good job. > 2/ Julian likes qmail less than Postfix. Software wars, when I leave the internet business. I'll not miss the software wars. > 3/ Julian's overworked and doesn't want to take on another MTA > 4/ There's no way of adding another MTA to Julian's test setup > 5/ qmail's even less compatible with the dual-queue approach than Postfix. Why would that be? The "basic" premise of MS is an MTA delivers to queue-A, MS picks up from queue-A, processes, delivers to queue-B, an MTA picks up from queue-B and processes the resulting message. I know of several instances of people running two qmail queues on the same server. Run the outbound qmail process on another port or IP and the only problem would be teaching MS how qmail's queue is structured. (HA! Listen to me, like I could write the code to do that!!!) > 6/ Julian relies on other people to handle extra MTA's and nobody > volunteered to handle qmail. > and so on.) Hmmm, I need another hobby right?.......... > > Unfortunately, it looks like we'll be replacing our sendmail boxes with > ones running qmail. I'm looking at qpsmtpd to replace the qmail front-end. > > Regards, > > Richard Siddall We were there, and did replace our Sendmail boxes with qmail/vpopmail/mysql. Love it. But I put MS in front of them running Sendmail and I have to say I have been completely happy with Julian's software. Looking back I think it was the best decision, as my AV and RBL work is completely seperate from my delivery boxes. I like the seperation it provides. Someday, I will prod the company into actually giving *back* to the authors of all the opensource software we generate revenue with. Until then Julian has my wife and kids undying gratitude for allowing "Dad" to sleep at night. DAve From res at ausics.net Mon Feb 6 08:24:13 2006 From: res at ausics.net (Res) Date: Mon Feb 6 08:24:21 2006 Subject: New speed benchmark In-Reply-To: <223f97700602050802w7a1908c4l@mail.gmail.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> <223f97700602050802w7a1908c4l@mail.gmail.com> Message-ID: On Sun, 5 Feb 2006, Glenn Steen wrote: > discover that Mr Venema is indeed as opinionated and "political". thats one of the reasons i dont like associating with stuff, prolly also why i have such options on qmail as well, too far up emselves if you ask me :) I will keep pestering the sendmail guys for an optional config change :) > And from the above, one can infer that speed of processing/delivery > isn't a factor on my systems, so it'd be for purely ... > technology/statistical pleasure (on my part, at least:-). Yes, unfortunatly I deal with people who press send and expect the recipient to get it in nano seconds :( -- Cheers Res From MailScanner at ecs.soton.ac.uk Mon Feb 6 08:57:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 08:57:33 2006 Subject: How do I whitelist mail from internal processes? In-Reply-To: <43E67067.2020100@lists.mailscanner.info> References: <43E5FCC5.3090007@erus.co.uk> <43E5FEA8.8020304@ecs.soton.ac.uk> <43E67067.2020100@lists.mailscanner.info> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Glad you like it! Have you bought the book yet? Thanks, Jules. On 5 Feb 2006, at 21:38, MailScanner discussion wrote: > Rather than flooding the list with noise I thought I'd thank you > privately so: > > Thank You! > > I can't imagine getting such a quick and helpful response from any > other > authors of other software I use. > > Thank you for all your hard work and for an exceptional piece of > software. > Regards, > > Alex Pimperton > > > Julian Field wrote: >> Alex Pimperton wrote: >>> I went to whitelist 127.0.0.1/my external IP but after checking the >>> headers I realised there's no IP address I can whitelist as the >>> headers >>> are misssing the "Received: from" part. >>> >>> My headers look like: >>> >>> Delivered-To: root@erus.co.uk >>> Received: by mail.erus.co.uk (Postfix, from userid 0) >>> id CB681581D5; Sun, 5 Feb 2006 00:31:25 +0000 (GMT) >>> To: root@erus.co.uk >>> >>> How can I whitelist email that comes from internal processes >>> (LogWatch,Cron etc) without having to whitelist all email that >>> arrives >>> for root? >>> >> Don't worry, MailScanner doesn't use the headers, it gets the IP from >> the envelope, and puts in 127.0.0.1 if there isn't one. So if the MTA >> is invoked locally, the ip address will be 127.0.0.1. >> >> MailScanner will take pretty much any form of netword address you can >> come up with, so >> From: 127.0.0.1 no >> FromOrTo: default yes >> should work just fine. >> > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner , and is > believed to be clean. > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+cPd/w32o+k+q+hAQEzsgf+Lf21t2XVVEi2STfvltV1lXONw/WIIX0f z/C53ykxzf4+IvGoQWWbxc2QuETpdD888pexeHWDR/BMqNj/E2uEgIhhs9ufQ5S7 swXRtVM/Sf2PkLZFZjdRqpA0iQthw6yLyUJ7mAHHdM5vgfwgUGwtME9zGi05b9FV 0+qk13+l6smz8g+dCtsgtF3HZpTjdlMSxgw6PyS1jJe1mIva/v46T4zLGVdukkMg GcUCNvUrScGerfLPYdn2kbGhAk+EEL6abJMyfNjmAksUBuG8/ov7nHgPj+lx3ov1 MdLVrf/CCHSU27QHrgCOK238mxSL2cwmre32XLBXo/Eh3C+UeRV8ng== =DANM -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Feb 6 08:59:30 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 08:59:42 2006 Subject: hold mail In-Reply-To: <1139182785.20001.29.camel@ra.thehouse.com> References: <1139182785.20001.29.camel@ra.thehouse.com> Message-ID: <7F4A32BD-B591-4FCB-BDE1-14E22541421B@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 5 Feb 2006, at 23:39, Robert A. Thompson wrote: > this is kind of a backwards requests, but I'm having trouble > configing a box that I want to take in the mail and scan/clean it, > but not send it on. In short I want mail to get stuck in the > mqueue folder. Reading through the list I find lots of people > with this problem, but they don't know why. I want the problem... Set Delivery Method = queue in MailScanner.conf and don't run any sendmail queue runners. On a Linux system you can achieve this by issuing these 3 commands service MailScanner stop service MailScanner startin check_MailScanner That won't run "startout" which is the queue runner. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+cP9vw32o+k+q+hAQG9+gf+PLZbxjUzb9JfRxbGiNYZdkMYQiESFS/G fcMr8zw98+54++DKXetgrAVvOsejfaCgwHyrJ73H3r1eETHLsqH9JptLmNLqP2zZ tx+GEbz/wKfw6BnSTkMeokb0lwR7/ua8PDdfEXg7hw4L8OIMrKIKjZ3EIHQRo3Mz T6FplcbFrdLwdvjUA2Wi2inLpSCsMuMSy5IvKFt82k/tzJNHu2UhUJHVmCnEuQ21 zTg01x/n/BnuEcOXwzzYh8LtqCchtKuO7pKUn2brLt4wAQcBaUjpDmB0Y5EZQQry Ym1LNxuWDTP+eUtJjy/Spe8wVN3XwV2AjcmzwQkU4ZsXR613Io1omg== =/NFw -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Mon Feb 6 09:21:55 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 6 09:22:00 2006 Subject: New speed benchmark In-Reply-To: <43E4C0B9.4030905@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> <43E48F99.6090508@ecs.soton.ac.uk> <43E49A83.8030308@enitech.com.au> <43E49C13.70802@ecs.soton.ac.uk> <223f97700602040601o45bd5e3bi@mail.gmail.com> <43E4C0B9.4030905@ecs.soton.ac.uk> Message-ID: <223f97700602060121j39c88a75w@mail.gmail.com> On 04/02/06, Julian Field wrote: > Glenn Steen wrote: > > BTW, Jules ... Could you, pretty please, look at my post about typos > > in actions? Or has that area been covered extensively before? > > > A patch for Message.pm is attached. Apply the patch with > > cd /usr/lib/MailScanner/MailScanner > gunzip Message.pm.patch.gz > patch < Message.pm.patch > > then restart MailScanner. > > It logs the error message to syslog and then adds the "deliver" action > to whatever you have set, just for safety so that no message is dropped > because of your typo. > > Due to the the list of spam actions is now parsed, as it has arbitrary > strings (including possibly multiple spaces) for headers, and email > addresses in it, it is no longer just a list of possible words. So it > cannot be caught by --lint. > > So it can only be detected when it is called at run-time, hence the > extra safety measure of adding the "deliver" action. > > Let me know how you get on. > Applied to my 4.50.14, working perfectly (reintroduced the error, and it still delivered... And carped nicely in the error log). Thank you. Will this be in the next release? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From wmcdonald at gmail.com Mon Feb 6 09:22:49 2006 From: wmcdonald at gmail.com (Will McDonald) Date: Mon Feb 6 09:22:51 2006 Subject: sendmail greet_pause feature In-Reply-To: <43E68DC6.7030803@nkpanama.com> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <43E42DE0.7010401@nkpanama.com> <625385e30602050220r2ca97e13te036b7584f36951e@mail.gmail.com> <43E68DC6.7030803@nkpanama.com> Message-ID: <1f8fae340602060122p610f010cp@mail.gmail.com> On 05/02/06, Alex Neuman van der Hans wrote: > What would be a reliable way to do it? IANAP, but there *should* be some > form of a test that could be done using the actual sendmail executable, or > some other testable function, right? What's involved? Maybe I can offer "the > idiot suggestion" - you know, when every possible logical way of doing > something has been tried, but then a complete idiot comes along and says > something so illogical, so crazy, that it "just might work"... It *has* > happened to me before, and it's taught me to always at least *consider* > "idiot suggestions". I assume it was done previously with a sendmail -bt -dsomething ? # sendmail -bt -d < /dev/null | grep Version Are there sendmail releases this doesn't work on or gives unreliable output? Will. From wmcdonald at gmail.com Mon Feb 6 09:26:24 2006 From: wmcdonald at gmail.com (Will McDonald) Date: Mon Feb 6 09:26:25 2006 Subject: sendmail greet_pause feature In-Reply-To: <1f8fae340602060122p610f010cp@mail.gmail.com> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <43E42DE0.7010401@nkpanama.com> <625385e30602050220r2ca97e13te036b7584f36951e@mail.gmail.com> <43E68DC6.7030803@nkpanama.com> <1f8fae340602060122p610f010cp@mail.gmail.com> Message-ID: <1f8fae340602060126y2e7c3512i@mail.gmail.com> On 06/02/06, Will McDonald wrote: > On 05/02/06, Alex Neuman van der Hans wrote: > > What would be a reliable way to do it? IANAP, but there *should* be some > > form of a test that could be done using the actual sendmail executable, or > > some other testable function, right? What's involved? Maybe I can offer "the > > idiot suggestion" - you know, when every possible logical way of doing > > something has been tried, but then a complete idiot comes along and says > > something so illogical, so crazy, that it "just might work"... It *has* > > happened to me before, and it's taught me to always at least *consider* > > "idiot suggestions". > > I assume it was done previously with a sendmail -bt -dsomething ? > > # sendmail -bt -d < /dev/null | grep Version > > Are there sendmail releases this doesn't work on or gives unreliable output? Futher Googling also turned up... echo '$v' | /usr/sbin/sendmail -bt Which returns just the version. Will. From MailScanner at ecs.soton.ac.uk Mon Feb 6 09:30:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 09:30:42 2006 Subject: New speed benchmark In-Reply-To: <223f97700602060121j39c88a75w@mail.gmail.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> <43E48F99.6090508@ecs.soton.ac.uk> <43E49A83.8030308@enitech.com.au> <43E49C13.70802@ecs.soton.ac.uk> <223f97700602040601o45bd5e3bi@mail.gmail.com> <43E4C0B9.4030905@ecs.soton.ac.uk> <223f97700602060121j39c88a75w@mail.gmail.com> Message-ID: <5211DE13-4070-4B77-8816-D6E0DC004CFF@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 6 Feb 2006, at 09:21, Glenn Steen wrote: > On 04/02/06, Julian Field wrote: >> Glenn Steen wrote: >>> BTW, Jules ... Could you, pretty please, look at my post about typos >>> in actions? Or has that area been covered extensively before? >>> >> A patch for Message.pm is attached. Apply the patch with >> >> cd /usr/lib/MailScanner/MailScanner >> gunzip Message.pm.patch.gz >> patch < Message.pm.patch >> >> then restart MailScanner. >> >> It logs the error message to syslog and then adds the "deliver" >> action >> to whatever you have set, just for safety so that no message is >> dropped >> because of your typo. >> >> Due to the the list of spam actions is now parsed, as it has >> arbitrary >> strings (including possibly multiple spaces) for headers, and email >> addresses in it, it is no longer just a list of possible words. So it >> cannot be caught by --lint. >> >> So it can only be detected when it is called at run-time, hence the >> extra safety measure of adding the "deliver" action. >> >> Let me know how you get on. >> > Applied to my 4.50.14, working perfectly (reintroduced the error, and > it still delivered... And carped nicely in the error log). > Thank you. > Will this be in the next release? Now you've confirmed it works, it will be in the next release. Thanks for testing it. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+cXOvw32o+k+q+hAQEHLwf+Iudmc/3CV6P5dYaljP6HmygI3F4ipk9E 31lol21/WIg0e1kx5YE8yGHq5rMCqGKvTjd4neaf8DOxn8ci7rFbXvSdkYRh0u/u b16brK8W4enZbqqjPqw0WbVN5xM08gIvG1kLoAN3A8jJvMUVHine4g9sXbt46IBW uC4L254oR9w3ILMafRKqvcv1s9DD/B9DVD3UwuyG5zJTrmqFYtFdio8tbN9HflIV ojzLm7A97Uhh9XjpB92PNzguxJdv7rSd83oFVQe5HEVpWX9FigKb4b2zsz0IWz/h 7/R6UKZhWA79jrL09w9TYvy9y1cWBsAck13lLkw41OMceA9VrDWZmQ== =5Jn/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From a.peacock at chime.ucl.ac.uk Mon Feb 6 09:42:07 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Mon Feb 6 09:42:13 2006 Subject: qf file left behind In-Reply-To: <43E4DE4E.9050201@ecs.soton.ac.uk> References: <1139068913.3230.113.camel@ra.thehouse.com> <43E4D61A.5080708@ecs.soton.ac.uk> <43E4DE4E.9050201@ecs.soton.ac.uk> Message-ID: <43E719EF.5060404@chime.ucl.ac.uk> Hi, Julian Field wrote: > > > Robert A. Thompson wrote: >>> My best guess would be the Lock Type setting. If you are on Linux >>> running >>> sendmail 8.12 or older, you need to set Lock Type = flock, as it will >>> use >>> posix by default with sendmail. This is a change to previous versions, >>> most of my users run 8.13 on Linux so the default is set for them so >>> it is >>> correct for most people. But yours may be wrong. >>> >> >> appears to be a good guess (Thanks Julian). I've started tweaking with >> the locking and so far so good. In our case, I set it to posix. We are >> running rhel4 with sendmail 8.13 and mailscanner 4.49 (fixing to go to >> 50). We hadn't set any settings on lock type, but setting to posix and >> restarting appears to be doing the trick. (still early though) >> > sendmail 8.13 on Linux is the classic one that always needs to be posix. > This has become the default in MailScanner 4.50. Has anyone installed MailScanner 4.50 on Solaris yet? Does the change in the default setting have an impact on Sendmail 8.13 and Solaris? Up to now I have not had to change the default setting of Lock Type. Will this combination work equally well with posix or flock settings, or will I need to force Lock Type to be flock when I upgrade? -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From shuttlebox at gmail.com Mon Feb 6 09:51:49 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Feb 6 09:51:53 2006 Subject: sendmail greet_pause feature In-Reply-To: <1f8fae340602060126y2e7c3512i@mail.gmail.com> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <43E42DE0.7010401@nkpanama.com> <625385e30602050220r2ca97e13te036b7584f36951e@mail.gmail.com> <43E68DC6.7030803@nkpanama.com> <1f8fae340602060122p610f010cp@mail.gmail.com> <1f8fae340602060126y2e7c3512i@mail.gmail.com> Message-ID: <625385e30602060151o2ce2bcd6rc85fddd4bc6643f@mail.gmail.com> On 2/6/06, Will McDonald wrote: > > > I assume it was done previously with a sendmail -bt -dsomething ? > > > > # sendmail -bt -d < /dev/null | grep Version > > > > Are there sendmail releases this doesn't work on or gives unreliable > output? > > Futher Googling also turned up... > > echo '$v' | /usr/sbin/sendmail -bt > > Which returns just the version. > Knowing the version is not the problem. If I remember correctly something like below was used: # /usr/lib/sendmail -bt -d < /dev/null | grep FLOCK Still it did not produce reliable results and people started to have locking issues so Julian removed it. If you're interested in the details it should be in mailing lists archive and also noted in Julian's change log a while back. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060206/1bcee274/attachment.html From shuttlebox at gmail.com Mon Feb 6 09:57:58 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Feb 6 09:58:01 2006 Subject: qf file left behind In-Reply-To: <43E719EF.5060404@chime.ucl.ac.uk> References: <1139068913.3230.113.camel@ra.thehouse.com> <43E4D61A.5080708@ecs.soton.ac.uk> <43E4DE4E.9050201@ecs.soton.ac.uk> <43E719EF.5060404@chime.ucl.ac.uk> Message-ID: <625385e30602060157r60412b33g503703820584f54c@mail.gmail.com> On 2/6/06, Anthony Peacock wrote: > > Has anyone installed MailScanner 4.50 on Solaris yet? > > Does the change in the default setting have an impact on Sendmail 8.13 > and Solaris? > > Up to now I have not had to change the default setting of Lock Type. > > Will this combination work equally well with posix or flock settings, or > will I need to force Lock Type to be flock when I upgrade? > I assume that as with other config options the lock type will stay set as flock if you had that before. Just check it before you start up again if you're not sure. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060206/82d8492d/attachment.html From a.peacock at chime.ucl.ac.uk Mon Feb 6 10:02:43 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Mon Feb 6 10:02:51 2006 Subject: qf file left behind In-Reply-To: <625385e30602060157r60412b33g503703820584f54c@mail.gmail.com> References: <1139068913.3230.113.camel@ra.thehouse.com> <43E4D61A.5080708@ecs.soton.ac.uk> <43E4DE4E.9050201@ecs.soton.ac.uk> <43E719EF.5060404@chime.ucl.ac.uk> <625385e30602060157r60412b33g503703820584f54c@mail.gmail.com> Message-ID: <43E71EC3.9060201@chime.ucl.ac.uk> Hi Peter, shuttlebox wrote: > On 2/6/06, *Anthony Peacock* > wrote: > > Has anyone installed MailScanner 4.50 on Solaris yet? > > Does the change in the default setting have an impact on Sendmail 8.13 > and Solaris? > > Up to now I have not had to change the default setting of Lock Type. > > Will this combination work equally well with posix or flock settings, or > will I need to force Lock Type to be flock when I upgrade? > > > I assume that as with other config options the lock type will stay set > as flock if you had that before. Just check it before you start up again > if you're not sure. Thanks for the response. I have never had to set the Lock Type setting, that is why I am asking. It was always empty and took the default. Logically, I am assuming that I will now need to set it to flock. I just wanted to see if that assumption is correct. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From shuttlebox at gmail.com Mon Feb 6 10:24:35 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Feb 6 10:24:38 2006 Subject: qf file left behind In-Reply-To: <43E71EC3.9060201@chime.ucl.ac.uk> References: <1139068913.3230.113.camel@ra.thehouse.com> <43E4D61A.5080708@ecs.soton.ac.uk> <43E4DE4E.9050201@ecs.soton.ac.uk> <43E719EF.5060404@chime.ucl.ac.uk> <625385e30602060157r60412b33g503703820584f54c@mail.gmail.com> <43E71EC3.9060201@chime.ucl.ac.uk> Message-ID: <625385e30602060224n62e9ba20p88cbdf41935acd3c@mail.gmail.com> On 2/6/06, Anthony Peacock wrote: > > Thanks for the response. I have never had to set the Lock Type setting, > that is why I am asking. It was always empty and took the default. > > Logically, I am assuming that I will now need to set it to flock. > > I just wanted to see if that assumption is correct. > You're right, it's empty by default. Then I guess you have to set it to flock with the current release. At least I will do that myself. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060206/0a99d6dc/attachment.html From glenn.steen at gmail.com Mon Feb 6 10:50:06 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 6 10:50:10 2006 Subject: We need to do some cleanup in the wiki... Message-ID: <223f97700602060250y34bea22ak@mail.gmail.com> I've been meaning to do this for a while, but have simply lacked the time:). I just did a search in the wiki for "spam.assassin.prefs.conf" ... a lot of hits for things like "sa-learn -p /path/to/spam.assassin.prefs.conf ...". Since version 4.48.4-2 this shouldn't be needed, so we need make some fairly obvious changes to these examples in the wiki... Perhaps not blithely remove the lines, but complement them with something like "After version 4.48.4-2 this file is included as a site rule file (mailscanner.cf), which will be read automatically by all calls to SA. Don't include it as a user prefs file in this case: ....". If I get a little more free time, I could do such changes, but best would be if everyone that feel they are .... responsible ... for a certain page do the relevant changes. There might be other notable things that should be reflected in the wiki too... The switch of default locking method come to mind:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Mon Feb 6 11:18:18 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 11:18:31 2006 Subject: We need to do some cleanup in the wiki... In-Reply-To: <223f97700602060250y34bea22ak@mail.gmail.com> References: <223f97700602060250y34bea22ak@mail.gmail.com> Message-ID: <814A6FA0-5B3B-4E93-BA55-DBC23252D998@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 6 Feb 2006, at 10:50, Glenn Steen wrote: > If I get a little more free time, I could do such changes, but best > would be if everyone that feel they are .... responsible ... for a > certain page do the relevant changes. I would be very grateful if people could keep the wiki up to date. A big problem with wikis is the information in them becoming stale. One major thing that needs (re)-writing is a Solaris installation guide. The current one (which I wrote a long time ago) is totally out of date and useless. I might well just remove it completely. I have someone doing a Solaris install at the moment, and being a newbie to Solaris he is hitting every problem in the book. So hopefully his writeup will be useful to other Solaris users. > > There might be other notable things that should be reflected in the > wiki too... The switch of default locking method come to mind:-). Yes, sorry I had to do that. But the vast majority of new MailScanner users are running sendmail 8.13 on Linux. So I had no option but to set the default to posix, or else all the inexperienced users out there would have to know to change an "Advanced" setting. A large proportion of my new users are hobbyist web hosting setups, where they have a web server at an ISP and provide net services for friends and a few local businesses. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+cwffw32o+k+q+hAQG2Qgf9HRya3LsTGnB56lyalQePgczIq0mF7Sh9 gg/yLL59cW1O5xjRuycf+OsgjOUZQYWswNCFhejiubm4iib89s2QW7rfJVoG9Q71 xIiqhn3h4Es0F1Hi1Ga5izAhewf79ra3xPT2RBb9OZmkxZUn/N4I/pTPCJGSsDbq F5hoYQGLUdvL+2MrAy6ZXAJ5dn+eXLzutBXK6ps9cFI8avIaHeFWfPunY+jwmslr kuw9Axwvfq5Y9WtIOffJ/QxQyaUisZs3K6rVGmq9HqnTKXxp+S5eo2AOrLDxI+Tm NI024fYeX/VLWJGC4wHdd0zVvFi59y/aLiBYRMGcb5C8vV9e11Fi2Q== =WJeZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Peter.Bates at lshtm.ac.uk Mon Feb 6 11:22:05 2006 From: Peter.Bates at lshtm.ac.uk (Peter Bates) Date: Mon Feb 6 11:22:26 2006 Subject: A cautionary tale of Sophos and MS In-Reply-To: <223f97700602060250y34bea22ak@mail.gmail.com> References: <223f97700602060250y34bea22ak@mail.gmail.com> Message-ID: <43E7315D0200007600002DE6@193.63.251.15> Hello all... I arrived in this morning to assorted clamouring about a lack of external email. Looking closer, I could see that after the autoupdate of Sophos on Saturday night just after midnight, the version was 'out of date' so started throwing: Feb 4 00:08:03 postbox MailScanner[11382]: SophosSAVI::ERROR:: The main body of virus data is out of date (542):: ./AE3CA13F8E4.6C3F0/msg-11382-11.txt End result was all our external (in/out) email over the weekend has disappeared into the great bitbucket in the sky as this was then tagged as a 'Silent virus' and not quarantined. Entirely my fault for not updating Sophos for a couple of months, but might be something worth considering to include in 'Allowed Sophos Error Messages' if you're a Sophos user... that or still quarantine silent viruses and clear the quarantine out from time to time. Funny how these things catch you, even with 3 other AV engines! ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 From ramprasad at netcore.co.in Mon Feb 6 11:36:27 2006 From: ramprasad at netcore.co.in (Ramprasad) Date: Mon Feb 6 11:39:38 2006 Subject: New speed benchmark In-Reply-To: <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> Message-ID: <1139225787.11907.19.camel@darkstar.netcore.co.in> On Fri, 2006-02-03 at 11:06 +0000, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 3 Feb 2006, at 10:36, Res wrote: > > > On Thu, 2 Feb 2006, DAve wrote: > > > >> Julian Field wrote: > >>> -----BEGIN PGP SIGNED MESSAGE----- > >>> I forgot to add the MTA is sendmail > >>> On 2 Feb 2006, at 14:59, Julian Field wrote: > >>>> > Old Signed: 02/02/06 at 14:59:40 > >>>> I have just done a speed test. > >>>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. > >>>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, > >>>> clamavmodule > >>>> MailScanner setup: default > >>>> Speed: 770,000 messages per day > >> > >> What happens at 780,000 messages a day? > >> > > > > and at what loads > > Maintained about 10 which is what I would expect. And do you have any statistics on what was the average mailq What was the average time a message would remain in queue waiting to be picked up by mailscanner Thanks Ram From MailScanner at ecs.soton.ac.uk Mon Feb 6 11:40:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 11:40:17 2006 Subject: A cautionary tale of Sophos and MS In-Reply-To: <43E7315D0200007600002DE6@193.63.251.15> References: <223f97700602060250y34bea22ak@mail.gmail.com> <43E7315D0200007600002DE6@193.63.251.15> Message-ID: <4B38775C-8CAB-499E-8709-8D59F4755FD4@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 6 Feb 2006, at 11:22, Peter Bates wrote: > > Hello all... > > I arrived in this morning to assorted clamouring about > a lack of external email. > > Looking closer, I could see that after the autoupdate of Sophos > on Saturday night just after midnight, the version was 'out of date' > so started throwing: > > Feb 4 00:08:03 postbox MailScanner[11382]: SophosSAVI::ERROR:: The > main body of virus data is out of date (542):: > ./AE3CA13F8E4.6C3F0/msg-11382-11.txt > > End result was all our external (in/out) email over the weekend has > disappeared into the great bitbucket in the sky as this was then > tagged > as a 'Silent virus' and not quarantined. > > Entirely my fault for not updating Sophos for a couple of months, but > might be something worth considering to include in 'Allowed Sophos > Error > Messages' if you're a Sophos user... that or still quarantine silent > viruses and clear the quarantine out from time to time. Eek! Sorry that happened. I have added that text to the list I supply in the sample line just above the real line. Do you think I should make the default setting this: Allowed Sophos Error Messages = "corrupt", "format not supported", "File was encrypted", "The main body of virus data is out of date" Any there that shouldn't be there by default? Your thoughts please... - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+c1m/w32o+k+q+hAQHW4Af/SH6g8rlzZSvNhs50rSqAx2vPukX1S/Ma 9CC/kxAy4FiWildo15BS4ZQ/xpDU/8EwM67HuwPyXdxB2TjEYZC7lLAByIMhrzcU pmz9Tzpr6TxXsfaGa+Id8E5mcHPe6g+NjddGCkrDl8c+/ZnXou14kVsYv4UpYwsK 1BcnbtgjfI6H85lU2h6UUHOwEnvY1NZSxJQtUXhgQgIA8Vdm5cnkJZNK7XpV5hh/ gMqx+WF4fpd+TMOPfROoFyiZJ7FFsIGx1GyjOx9yyuYnPDZ9DbwUybitIZ8KcbZZ gnRqSUma/d+jX7iXXIq/gFLa7F+15bcpodYYeCJX7wPWSQpKBzd9ag== =WZ43 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From C.P.Mills at cranfield.ac.uk Mon Feb 6 12:21:12 2006 From: C.P.Mills at cranfield.ac.uk (Mills Mr C P) Date: Mon Feb 6 12:22:33 2006 Subject: A cautionary tale of Sophos and MS Message-ID: <8612FDC208266E419168366E1D2E3B797B0FEB@CranfieldMail.shrivenham.cranfield.ac.uk> I would block password protected by default. If password protected files can not be scanned, they should not be allowed through automatically. Didn't netsky (or was it sobig?) use a password protected zip with the password in the body of the message to get around exactly this? Surely it won't take long for virus writers to realise they can just create password protected word files with dodgy macros in? Perhaps a setting which defines seperatly what to do with password protected files (including zips, word docs, excel spreads etc) would be helpful. Personally, I would like to dump or quarantine them on the grounds I cannot be sure they are clean. Or how about a generalised "Do something when virus result = regexp" type tag which would allow people to define their own rules for "corrupt", "password protected" etc? Talking of which, I asked a question last week which no one seems to have come up with a suggestion for. I want to dump all silent viruses, but quarantine and notify about password protected files which could not be scanned. Anyone have any ideas how? Regards Chris Mills, Cranfield University. -- Christopher P. Mills ? Cranfield University Shrivenham Campus Defence College of Management and Technology Defence Academy of the United Kingdom, Shrivenham, Swindon SN6 8LA Tel: +44 (0)1793 785 633 Fax: +44 (0)1793 785 903 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 06 February 2006 11:40 > To: MailScanner discussion > Subject: Re: A cautionary tale of Sophos and MS > > -----BEGIN PGP SIGNED MESSAGE----- > > On 6 Feb 2006, at 11:22, Peter Bates wrote: > > > > Hello all... > > > > I arrived in this morning to assorted clamouring about a lack of > > external email. > > > > Looking closer, I could see that after the autoupdate of Sophos on > > Saturday night just after midnight, the version was 'out of date' > > so started throwing: > > > > Feb 4 00:08:03 postbox MailScanner[11382]: SophosSAVI::ERROR:: The > > main body of virus data is out of date (542):: > > ./AE3CA13F8E4.6C3F0/msg-11382-11.txt > > > > End result was all our external (in/out) email over the weekend has > > disappeared into the great bitbucket in the sky as this was then > > tagged as a 'Silent virus' and not quarantined. > > > > Entirely my fault for not updating Sophos for a couple of > months, but > > might be something worth considering to include in 'Allowed Sophos > > Error Messages' if you're a Sophos user... that or still quarantine > > silent viruses and clear the quarantine out from time to time. > > Eek! Sorry that happened. I have added that text to the list > I supply in the sample line just above the real line. > Do you think I should make the default setting this: > > Allowed Sophos Error Messages = "corrupt", "format not > supported", "File was encrypted", "The main body of virus > data is out of date" > > Any there that shouldn't be there by default? > Your thoughts please... > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP > footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.4 (Build 4042) > > iQEVAwUBQ+c1m/w32o+k+q+hAQHW4Af/SH6g8rlzZSvNhs50rSqAx2vPukX1S/Ma > 9CC/kxAy4FiWildo15BS4ZQ/xpDU/8EwM67HuwPyXdxB2TjEYZC7lLAByIMhrzcU > pmz9Tzpr6TxXsfaGa+Id8E5mcHPe6g+NjddGCkrDl8c+/ZnXou14kVsYv4UpYwsK > 1BcnbtgjfI6H85lU2h6UUHOwEnvY1NZSxJQtUXhgQgIA8Vdm5cnkJZNK7XpV5hh/ > gMqx+WF4fpd+TMOPfROoFyiZJ7FFsIGx1GyjOx9yyuYnPDZ9DbwUybitIZ8KcbZZ > gnRqSUma/d+jX7iXXIq/gFLa7F+15bcpodYYeCJX7wPWSQpKBzd9ag== > =WZ43 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3094 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060206/b4243044/smime.bin From shuttlebox at gmail.com Mon Feb 6 12:47:18 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Feb 6 12:47:21 2006 Subject: We need to do some cleanup in the wiki... In-Reply-To: <814A6FA0-5B3B-4E93-BA55-DBC23252D998@ecs.soton.ac.uk> References: <223f97700602060250y34bea22ak@mail.gmail.com> <814A6FA0-5B3B-4E93-BA55-DBC23252D998@ecs.soton.ac.uk> Message-ID: <625385e30602060447p1bb30e7cy51b09626ef9a26b3@mail.gmail.com> On 2/6/06, Julian Field wrote: > > One major thing that needs (re)-writing is a Solaris installation > guide. The current one (which I wrote a long time ago) is totally out > of date and useless. I might well just remove it completely. I have > someone doing a Solaris install at the moment, and being a newbie to > Solaris he is hitting every problem in the book. So hopefully his > writeup will be useful to other Solaris users. > A Solaris newbie or a Unix newbie? Isn't the install documents for Solaris and the tar distribution still current? I use them on current systems with no problems. I am however getting involved with Blastwave about adding MailScanner to their excellent collection of super-easy (apt style) to install packages. They already have everything else like all needed Perl modules, Sendmail, SpamAssassin, Clam and DCC. They are always quick to release new versions as well. If I could get MailScanner in there it would be very easy for a newbie to install it (pkg-get -i mailscanner). As for most us though, time is not an unlimited resource. :-( -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060206/9724ba06/attachment.html From nerijus at users.sourceforge.net Mon Feb 6 13:14:03 2006 From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Mon Feb 6 13:14:26 2006 Subject: A cautionary tale of Sophos and MS In-Reply-To: <8612FDC208266E419168366E1D2E3B797B0FEB@CranfieldMail.shrivenham.cranfield.ac.uk> References: <8612FDC208266E419168366E1D2E3B797B0FEB@CranfieldMail.shrivenham.cranfield.ac.uk> Message-ID: <20060206131403.F3FC6BB49@mx.dtiltas.lt> On Mon, 6 Feb 2006 12:21:12 -0000 Mills Mr C P wrote: > I would block password protected by default. There is a special MailScanner setting for this, so there is no need to let Sophos block them (as it will not honour MailScanner setting in such case). Regards, Nerijus From campbell at cnpapers.com Mon Feb 6 14:05:31 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Feb 6 14:05:43 2006 Subject: MailScanner lint errors? References: <43E650E2.7050805@rogers.com> <43E65582.6040709@ecs.soton.ac.uk> <43E65C25.7000809@rogers.com> Message-ID: <00ac01c62b26$647293e0$0705000a@DDF5DW71> Julian, I'm seeing the same with respect to the PID file. My conf file points to /var/run/ and the file does exist. I'm also seeing the dual restart problem, where I am required to start MS twice if I stop it. I alway need to 'killall sendmail', but this doesn't cause the need to start MS twice. There are no sendmail processes running before I start MS. There are no log errors, it just doesn't start. I just thought I would mention this off-thread part in case it might have something to do with the PID problem. MS 4.50-15 MailWatch 1.0.3 SA 3.10 (or whatever was the latest as of last week) Tao Linux 1.0 Update 6 Thanks. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Gerry Doris" To: "MailScanner discussion" Sent: Sunday, February 05, 2006 3:12 PM Subject: Re: MailScanner lint errors? > Julian Field wrote: >> I strongly suspect that none are relevant, apart from the Cannot write >> pid file error. Check this is set to something in your MailScanner.conf >> file. > > I checked MailScanner.conf and the MailScanner PID is set to > /var/run/MailScanner.pid The file is really there and is being used. > > Like I said, there are no errors in any logs and mail is being sent and > received. It was working but I can't remember the last time I tried it. > > I'm using the latest MailWatch. Would that be confusing the MailScanner > lint operation? > > >> >> Gerry Doris wrote: >> >>> I've started seeing errors after running MailScanner --lint which I >>> haven't seen before. >>> >>> I was running 4.50.10 and decided to upgrade to 4.50.15 today. >>> Everything went well and MailScanner is working properly. I see no >>> errors in any of the logs. Mail is being accepted and delivered. >>> >>> MailScanner -v runs without errors but when I run MailScanner --lint I >>> get the following: >>> >>> [root@tiger MailScanner]# MailScanner --lint >>> Read 701 hostnames from the phishing whitelist >>> Config: calling custom init function SQLBlacklist >>> Config: calling custom init function MailWatchLogging >>> Config: calling custom init function SQLWhitelist >>> Cannot write pid file , No such file or directory at >>> /usr/sbin/MailScanner line 1238 >>> Checking for SpamAssassin errors (if you use it)... >>> Using SpamAssassin results cache >>> Connected to SpamAssassin cache database >>> SpamAssassin reported no errors. >>> >>> MailScanner.conf says "Virus Scanners = clamavmodule f-prot trend >>> bitdefender" >>> >>> Use of uninitialized value in split at >>> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2879. >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>> Can't exec "-IsItInstalled": No such file or directory at >>> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2882. >>> ...snip >>> the above is repeated 5 more times >>> ...snip >>> >>> Found these virus scanners installed: bitdefender, f-prot, clamavmodule, >>> trend >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Feb 6 14:13:19 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 14:13:30 2006 Subject: MailScanner lint errors? In-Reply-To: <00ac01c62b26$647293e0$0705000a@DDF5DW71> References: <43E650E2.7050805@rogers.com> <43E65582.6040709@ecs.soton.ac.uk> <43E65C25.7000809@rogers.com> <00ac01c62b26$647293e0$0705000a@DDF5DW71> Message-ID: <41671272-FEDB-4164-A786-3FA2418554D1@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 6 Feb 2006, at 14:05, Steve Campbell wrote: > Julian, > > I'm seeing the same with respect to the PID file. My conf file > points to /var/run/ and the file does exist. I'll take a look at this problem. What are your "Run As User" and "Run As Group" set to? > I'm also seeing the dual restart problem, where I am required to > start MS twice if I stop it. I alway need to 'killall sendmail', > but this doesn't cause the need to start MS twice. There are no > sendmail processes running before I start MS. There are no log > errors, it just doesn't start. I just thought I would mention this > off-thread part in case it might have something to do with the PID > problem. Most likely cause is not waiting long enough between stopping and starting. If there are any MailScanner processes still clearing up, then it won't start. Just restarting it again will extend the delay. > > MS 4.50-15 > MailWatch 1.0.3 > SA 3.10 (or whatever was the latest as of last week) > Tao Linux 1.0 Update 6 > > Thanks. > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > > > ----- Original Message ----- From: "Gerry Doris" > To: "MailScanner discussion" > Sent: Sunday, February 05, 2006 3:12 PM > Subject: Re: MailScanner lint errors? > > >> Julian Field wrote: >>> I strongly suspect that none are relevant, apart from the Cannot >>> write pid file error. Check this is set to something in your >>> MailScanner.conf file. >> >> I checked MailScanner.conf and the MailScanner PID is set to /var/ >> run/MailScanner.pid The file is really there and is being used. >> >> Like I said, there are no errors in any logs and mail is being >> sent and received. It was working but I can't remember the last >> time I tried it. >> >> I'm using the latest MailWatch. Would that be confusing the >> MailScanner lint operation? >> >> >>> >>> Gerry Doris wrote: >>> >>>> I've started seeing errors after running MailScanner --lint >>>> which I haven't seen before. >>>> >>>> I was running 4.50.10 and decided to upgrade to 4.50.15 today. >>>> Everything went well and MailScanner is working properly. I see >>>> no errors in any of the logs. Mail is being accepted and >>>> delivered. >>>> >>>> MailScanner -v runs without errors but when I run MailScanner -- >>>> lint I get the following: >>>> >>>> [root@tiger MailScanner]# MailScanner --lint >>>> Read 701 hostnames from the phishing whitelist >>>> Config: calling custom init function SQLBlacklist >>>> Config: calling custom init function MailWatchLogging >>>> Config: calling custom init function SQLWhitelist >>>> Cannot write pid file , No such file or directory at /usr/sbin/ >>>> MailScanner line 1238 >>>> Checking for SpamAssassin errors (if you use it)... >>>> Using SpamAssassin results cache >>>> Connected to SpamAssassin cache database >>>> SpamAssassin reported no errors. >>>> >>>> MailScanner.conf says "Virus Scanners = clamavmodule f-prot >>>> trend bitdefender" >>>> >>>> Use of uninitialized value in split at /usr/lib/MailScanner/ >>>> MailScanner/SweepViruses.pm line 2879. >>>> Use of uninitialized value in concatenation (.) or string at / >>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>> Use of uninitialized value in concatenation (.) or string at / >>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>> Can't exec "-IsItInstalled": No such file or directory at /usr/ >>>> lib/MailScanner/MailScanner/SweepViruses.pm line 2882. >>>> ...snip >>>> the above is repeated 5 more times >>>> ...snip >>>> >>>> Found these virus scanners installed: bitdefender, f-prot, >>>> clamavmodule, trend >>> >>> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+dZgvw32o+k+q+hAQG61AgAmQhhlnMY2x1Ze2Sxm4bXrwuLancKv54G leY3Aj+Ac/AJVdkqGGHUGSRb6f0xn0YD/XTvJY6lcISunvKF7ofukk4KgKoHyEgJ R0HSwASUqal52vcYBsJwfRf5ppx9ytaX5vfqyfJieqg+CpD2X8TAcEa+Rqu7V7ZP 7oOBU+RMsdzMJeh8qlxX8ivpEQnd5EEeQOAaMEKmUYqm/tePystfvRQCo9sQjthU wEcpp9+mpRGKTR8lzvXEQ1SZApThNhZ+PQxPGBLUQee3GhqFd4dzAEFpcJ6xINYc 6QcfT2Zg5fZsmI9Gs+jD7RXCShLgI/8+YbE9L/Ogfg+6crMQbK15Kg== =0kyC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From campbell at cnpapers.com Mon Feb 6 14:33:10 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Feb 6 14:33:29 2006 Subject: MailScanner lint errors? References: <43E650E2.7050805@rogers.com> <43E65582.6040709@ecs.soton.ac.uk><43E65C25.7000809@rogers.com><00ac01c62b26$647293e0$0705000a@DDF5DW71> <41671272-FEDB-4164-A786-3FA2418554D1@ecs.soton.ac.uk> Message-ID: <019601c62b2a$421e2350$0705000a@DDF5DW71> Julian, ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Monday, February 06, 2006 9:13 AM Subject: Re: MailScanner lint errors? > -----BEGIN PGP SIGNED MESSAGE----- > > > On 6 Feb 2006, at 14:05, Steve Campbell wrote: > >> Julian, >> >> I'm seeing the same with respect to the PID file. My conf file >> points to /var/run/ and the file does exist. > > I'll take a look at this problem. What are your "Run As User" and > "Run As Group" set to? > These are set to , nothing. The PID file is owned by root.root. This does not seem to affect anything and MS runs with the error. >> I'm also seeing the dual restart problem, where I am required to >> start MS twice if I stop it. I alway need to 'killall sendmail', >> but this doesn't cause the need to start MS twice. There are no >> sendmail processes running before I start MS. There are no log >> errors, it just doesn't start. I just thought I would mention this >> off-thread part in case it might have something to do with the PID >> problem. > > Most likely cause is not waiting long enough between stopping and > starting. If there are any MailScanner processes still clearing up, > then it won't start. > Just restarting it again will extend the delay. I'll check the MailScanner processes before the next manual restarts. Thanks again. (I can never say that enough to you, Mr. Field) Steve Campbell campbell@cnpapers.com Charleston Newspapers > >> >> MS 4.50-15 >> MailWatch 1.0.3 >> SA 3.10 (or whatever was the latest as of last week) >> Tao Linux 1.0 Update 6 >> >> Thanks. >> >> Steve Campbell >> campbell@cnpapers.com >> Charleston Newspapers >> >> >> >> ----- Original Message ----- From: "Gerry Doris" >> To: "MailScanner discussion" >> Sent: Sunday, February 05, 2006 3:12 PM >> Subject: Re: MailScanner lint errors? >> >> >>> Julian Field wrote: >>>> I strongly suspect that none are relevant, apart from the Cannot >>>> write pid file error. Check this is set to something in your >>>> MailScanner.conf file. >>> >>> I checked MailScanner.conf and the MailScanner PID is set to /var/ >>> run/MailScanner.pid The file is really there and is being used. >>> >>> Like I said, there are no errors in any logs and mail is being >>> sent and received. It was working but I can't remember the last >>> time I tried it. >>> >>> I'm using the latest MailWatch. Would that be confusing the >>> MailScanner lint operation? >>> >>> >>>> >>>> Gerry Doris wrote: >>>> >>>>> I've started seeing errors after running MailScanner --lint >>>>> which I haven't seen before. >>>>> >>>>> I was running 4.50.10 and decided to upgrade to 4.50.15 today. >>>>> Everything went well and MailScanner is working properly. I see >>>>> no errors in any of the logs. Mail is being accepted and >>>>> delivered. >>>>> >>>>> MailScanner -v runs without errors but when I run MailScanner -- >>>>> lint I get the following: >>>>> >>>>> [root@tiger MailScanner]# MailScanner --lint >>>>> Read 701 hostnames from the phishing whitelist >>>>> Config: calling custom init function SQLBlacklist >>>>> Config: calling custom init function MailWatchLogging >>>>> Config: calling custom init function SQLWhitelist >>>>> Cannot write pid file , No such file or directory at /usr/sbin/ >>>>> MailScanner line 1238 >>>>> Checking for SpamAssassin errors (if you use it)... >>>>> Using SpamAssassin results cache >>>>> Connected to SpamAssassin cache database >>>>> SpamAssassin reported no errors. >>>>> >>>>> MailScanner.conf says "Virus Scanners = clamavmodule f-prot >>>>> trend bitdefender" >>>>> >>>>> Use of uninitialized value in split at /usr/lib/MailScanner/ >>>>> MailScanner/SweepViruses.pm line 2879. >>>>> Use of uninitialized value in concatenation (.) or string at / >>>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>>> Use of uninitialized value in concatenation (.) or string at / >>>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>>> Can't exec "-IsItInstalled": No such file or directory at /usr/ >>>>> lib/MailScanner/MailScanner/SweepViruses.pm line 2882. >>>>> ...snip >>>>> the above is repeated 5 more times >>>>> ...snip >>>>> >>>>> Found these virus scanners installed: bitdefender, f-prot, >>>>> clamavmodule, trend >>>> >>>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.4 (Build 4042) > > iQEVAwUBQ+dZgvw32o+k+q+hAQG61AgAmQhhlnMY2x1Ze2Sxm4bXrwuLancKv54G > leY3Aj+Ac/AJVdkqGGHUGSRb6f0xn0YD/XTvJY6lcISunvKF7ofukk4KgKoHyEgJ > R0HSwASUqal52vcYBsJwfRf5ppx9ytaX5vfqyfJieqg+CpD2X8TAcEa+Rqu7V7ZP > 7oOBU+RMsdzMJeh8qlxX8ivpEQnd5EEeQOAaMEKmUYqm/tePystfvRQCo9sQjthU > wEcpp9+mpRGKTR8lzvXEQ1SZApThNhZ+PQxPGBLUQee3GhqFd4dzAEFpcJ6xINYc > 6QcfT2Zg5fZsmI9Gs+jD7RXCShLgI/8+YbE9L/Ogfg+6crMQbK15Kg== > =0kyC > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Mon Feb 6 14:42:44 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 14:43:02 2006 Subject: MailScanner lint errors? In-Reply-To: <019601c62b2a$421e2350$0705000a@DDF5DW71> References: <43E650E2.7050805@rogers.com> <43E65582.6040709@ecs.soton.ac.uk><43E65C25.7000809@rogers.com><00ac01c62b26$647293e0$0705000a@DDF5DW71> <41671272-FEDB-4164-A786-3FA2418554D1@ecs.soton.ac.uk> <019601c62b2a$421e2350$0705000a@DDF5DW71> Message-ID: Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 487 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060206/11a38352/PGP.bin From campbell at cnpapers.com Mon Feb 6 15:05:46 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Feb 6 15:05:58 2006 Subject: MailScanner lint errors? References: <43E650E2.7050805@rogers.com><43E65582.6040709@ecs.soton.ac.uk><43E65C25.7000809@rogers.com><00ac01c62b26$647293e0$0705000a@DDF5DW71><41671272-FEDB-4164-A786-3FA2418554D1@ecs.soton.ac.uk><019601c62b2a$421e2350$0705000a@DDF5DW71> Message-ID: <00f801c62b2e$cf231270$0705000a@DDF5DW71> How do I apply this? I can't seem to uncompress it. Do I just cd /usr/sbin/ and run patch -p0 < MailScanner.patch once this is uncompressed? Thanks Steve ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Monday, February 06, 2006 9:42 AM Subject: Re: MailScanner lint errors? Please apply this patch to /usr/sbin/MailScanner and then try it again. -------------------------------------------------------------------------------- On 6 Feb 2006, at 14:33, Steve Campbell wrote: > Julian, > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Monday, February 06, 2006 9:13 AM > Subject: Re: MailScanner lint errors? > > >> -----BEGIN PGP SIGNED MESSAGE----- >> On 6 Feb 2006, at 14:05, Steve Campbell wrote: >>> Julian, >>> >>> I'm seeing the same with respect to the PID file. My conf file >>> points to /var/run/ and the file does exist. >> I'll take a look at this problem. What are your "Run As User" and >> "Run As Group" set to? > > These are set to , nothing. The PID file is owned by root.root. > > This does not seem to affect anything and MS runs with the error. > > >>> I'm also seeing the dual restart problem, where I am required to >>> start MS twice if I stop it. I alway need to 'killall sendmail', >>> but this doesn't cause the need to start MS twice. There are no >>> sendmail processes running before I start MS. There are no log >>> errors, it just doesn't start. I just thought I would mention >>> this off-thread part in case it might have something to do with >>> the PID problem. >> Most likely cause is not waiting long enough between stopping and >> starting. If there are any MailScanner processes still clearing >> up, then it won't start. >> Just restarting it again will extend the delay. > > I'll check the MailScanner processes before the next manual restarts. > > Thanks again. (I can never say that enough to you, Mr. Field) > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > >>> >>> MS 4.50-15 >>> MailWatch 1.0.3 >>> SA 3.10 (or whatever was the latest as of last week) >>> Tao Linux 1.0 Update 6 >>> >>> Thanks. >>> >>> Steve Campbell >>> campbell@cnpapers.com >>> Charleston Newspapers >>> >>> >>> >>> ----- Original Message ----- From: "Gerry Doris" >>> To: "MailScanner discussion" >>> Sent: Sunday, February 05, 2006 3:12 PM >>> Subject: Re: MailScanner lint errors? >>> >>> >>>> Julian Field wrote: >>>>> I strongly suspect that none are relevant, apart from the >>>>> Cannot write pid file error. Check this is set to something in >>>>> your MailScanner.conf file. >>>> >>>> I checked MailScanner.conf and the MailScanner PID is set to / >>>> var/ run/MailScanner.pid The file is really there and is being >>>> used. >>>> >>>> Like I said, there are no errors in any logs and mail is being >>>> sent and received. It was working but I can't remember the >>>> last time I tried it. >>>> >>>> I'm using the latest MailWatch. Would that be confusing the >>>> MailScanner lint operation? >>>> >>>> >>>>> >>>>> Gerry Doris wrote: >>>>> >>>>>> I've started seeing errors after running MailScanner --lint >>>>>> which I haven't seen before. >>>>>> >>>>>> I was running 4.50.10 and decided to upgrade to 4.50.15 >>>>>> today. Everything went well and MailScanner is working >>>>>> properly. I see no errors in any of the logs. Mail is being >>>>>> accepted and delivered. >>>>>> >>>>>> MailScanner -v runs without errors but when I run MailScanner >>>>>> -- lint I get the following: >>>>>> >>>>>> [root@tiger MailScanner]# MailScanner --lint >>>>>> Read 701 hostnames from the phishing whitelist >>>>>> Config: calling custom init function SQLBlacklist >>>>>> Config: calling custom init function MailWatchLogging >>>>>> Config: calling custom init function SQLWhitelist >>>>>> Cannot write pid file , No such file or directory at /usr/ >>>>>> sbin/ MailScanner line 1238 >>>>>> Checking for SpamAssassin errors (if you use it)... >>>>>> Using SpamAssassin results cache >>>>>> Connected to SpamAssassin cache database >>>>>> SpamAssassin reported no errors. >>>>>> >>>>>> MailScanner.conf says "Virus Scanners = clamavmodule f-prot >>>>>> trend bitdefender" >>>>>> >>>>>> Use of uninitialized value in split at /usr/lib/MailScanner/ >>>>>> MailScanner/SweepViruses.pm line 2879. >>>>>> Use of uninitialized value in concatenation (.) or string at / >>>>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>>>> Use of uninitialized value in concatenation (.) or string at / >>>>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>>>> Can't exec "-IsItInstalled": No such file or directory at / >>>>>> usr/ lib/MailScanner/MailScanner/SweepViruses.pm line 2882. >>>>>> ...snip >>>>>> the above is repeated 5 more times >>>>>> ...snip >>>>>> >>>>>> Found these virus scanners installed: bitdefender, f-prot, >>>>>> clamavmodule, trend >>>>> >>>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> - -- Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.4 (Build 4042) >> iQEVAwUBQ+dZgvw32o+k+q+hAQG61AgAmQhhlnMY2x1Ze2Sxm4bXrwuLancKv54G >> leY3Aj+Ac/AJVdkqGGHUGSRb6f0xn0YD/XTvJY6lcISunvKF7ofukk4KgKoHyEgJ >> R0HSwASUqal52vcYBsJwfRf5ppx9ytaX5vfqyfJieqg+CpD2X8TAcEa+Rqu7V7ZP >> 7oOBU+RMsdzMJeh8qlxX8ivpEQnd5EEeQOAaMEKmUYqm/tePystfvRQCo9sQjthU >> wEcpp9+mpRGKTR8lzvXEQ1SZApThNhZ+PQxPGBLUQee3GhqFd4dzAEFpcJ6xINYc >> 6QcfT2Zg5fZsmI9Gs+jD7RXCShLgI/8+YbE9L/Ogfg+6crMQbK15Kg== >> =0kyC >> -----END PGP SIGNATURE----- >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> Before posting, read http://wiki.mailscanner.info/posting >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------------------------------------------------------------- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From campbell at cnpapers.com Mon Feb 6 15:07:33 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Feb 6 15:07:42 2006 Subject: MailScanner lint errors? References: <43E650E2.7050805@rogers.com><43E65582.6040709@ecs.soton.ac.uk><43E65C25.7000809@rogers.com><00ac01c62b26$647293e0$0705000a@DDF5DW71><41671272-FEDB-4164-A786-3FA2418554D1@ecs.soton.ac.uk><019601c62b2a$421e2350$0705000a@DDF5DW71> Message-ID: <010701c62b2f$0ed22c30$0705000a@DDF5DW71> Never mind about the uncompression, (typo) Steve ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Monday, February 06, 2006 9:42 AM Subject: Re: MailScanner lint errors? Please apply this patch to /usr/sbin/MailScanner and then try it again. -------------------------------------------------------------------------------- On 6 Feb 2006, at 14:33, Steve Campbell wrote: > Julian, > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Monday, February 06, 2006 9:13 AM > Subject: Re: MailScanner lint errors? > > >> -----BEGIN PGP SIGNED MESSAGE----- >> On 6 Feb 2006, at 14:05, Steve Campbell wrote: >>> Julian, >>> >>> I'm seeing the same with respect to the PID file. My conf file >>> points to /var/run/ and the file does exist. >> I'll take a look at this problem. What are your "Run As User" and >> "Run As Group" set to? > > These are set to , nothing. The PID file is owned by root.root. > > This does not seem to affect anything and MS runs with the error. > > >>> I'm also seeing the dual restart problem, where I am required to >>> start MS twice if I stop it. I alway need to 'killall sendmail', >>> but this doesn't cause the need to start MS twice. There are no >>> sendmail processes running before I start MS. There are no log >>> errors, it just doesn't start. I just thought I would mention >>> this off-thread part in case it might have something to do with >>> the PID problem. >> Most likely cause is not waiting long enough between stopping and >> starting. If there are any MailScanner processes still clearing >> up, then it won't start. >> Just restarting it again will extend the delay. > > I'll check the MailScanner processes before the next manual restarts. > > Thanks again. (I can never say that enough to you, Mr. Field) > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > >>> >>> MS 4.50-15 >>> MailWatch 1.0.3 >>> SA 3.10 (or whatever was the latest as of last week) >>> Tao Linux 1.0 Update 6 >>> >>> Thanks. >>> >>> Steve Campbell >>> campbell@cnpapers.com >>> Charleston Newspapers >>> >>> >>> >>> ----- Original Message ----- From: "Gerry Doris" >>> To: "MailScanner discussion" >>> Sent: Sunday, February 05, 2006 3:12 PM >>> Subject: Re: MailScanner lint errors? >>> >>> >>>> Julian Field wrote: >>>>> I strongly suspect that none are relevant, apart from the >>>>> Cannot write pid file error. Check this is set to something in >>>>> your MailScanner.conf file. >>>> >>>> I checked MailScanner.conf and the MailScanner PID is set to / >>>> var/ run/MailScanner.pid The file is really there and is being >>>> used. >>>> >>>> Like I said, there are no errors in any logs and mail is being >>>> sent and received. It was working but I can't remember the >>>> last time I tried it. >>>> >>>> I'm using the latest MailWatch. Would that be confusing the >>>> MailScanner lint operation? >>>> >>>> >>>>> >>>>> Gerry Doris wrote: >>>>> >>>>>> I've started seeing errors after running MailScanner --lint >>>>>> which I haven't seen before. >>>>>> >>>>>> I was running 4.50.10 and decided to upgrade to 4.50.15 >>>>>> today. Everything went well and MailScanner is working >>>>>> properly. I see no errors in any of the logs. Mail is being >>>>>> accepted and delivered. >>>>>> >>>>>> MailScanner -v runs without errors but when I run MailScanner >>>>>> -- lint I get the following: >>>>>> >>>>>> [root@tiger MailScanner]# MailScanner --lint >>>>>> Read 701 hostnames from the phishing whitelist >>>>>> Config: calling custom init function SQLBlacklist >>>>>> Config: calling custom init function MailWatchLogging >>>>>> Config: calling custom init function SQLWhitelist >>>>>> Cannot write pid file , No such file or directory at /usr/ >>>>>> sbin/ MailScanner line 1238 >>>>>> Checking for SpamAssassin errors (if you use it)... >>>>>> Using SpamAssassin results cache >>>>>> Connected to SpamAssassin cache database >>>>>> SpamAssassin reported no errors. >>>>>> >>>>>> MailScanner.conf says "Virus Scanners = clamavmodule f-prot >>>>>> trend bitdefender" >>>>>> >>>>>> Use of uninitialized value in split at /usr/lib/MailScanner/ >>>>>> MailScanner/SweepViruses.pm line 2879. >>>>>> Use of uninitialized value in concatenation (.) or string at / >>>>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>>>> Use of uninitialized value in concatenation (.) or string at / >>>>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>>>> Can't exec "-IsItInstalled": No such file or directory at / >>>>>> usr/ lib/MailScanner/MailScanner/SweepViruses.pm line 2882. >>>>>> ...snip >>>>>> the above is repeated 5 more times >>>>>> ...snip >>>>>> >>>>>> Found these virus scanners installed: bitdefender, f-prot, >>>>>> clamavmodule, trend >>>>> >>>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> - -- Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.4 (Build 4042) >> iQEVAwUBQ+dZgvw32o+k+q+hAQG61AgAmQhhlnMY2x1Ze2Sxm4bXrwuLancKv54G >> leY3Aj+Ac/AJVdkqGGHUGSRb6f0xn0YD/XTvJY6lcISunvKF7ofukk4KgKoHyEgJ >> R0HSwASUqal52vcYBsJwfRf5ppx9ytaX5vfqyfJieqg+CpD2X8TAcEa+Rqu7V7ZP >> 7oOBU+RMsdzMJeh8qlxX8ivpEQnd5EEeQOAaMEKmUYqm/tePystfvRQCo9sQjthU >> wEcpp9+mpRGKTR8lzvXEQ1SZApThNhZ+PQxPGBLUQee3GhqFd4dzAEFpcJ6xINYc >> 6QcfT2Zg5fZsmI9Gs+jD7RXCShLgI/8+YbE9L/Ogfg+6crMQbK15Kg== >> =0kyC >> -----END PGP SIGNATURE----- >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> Before posting, read http://wiki.mailscanner.info/posting >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------------------------------------------------------------- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From campbell at cnpapers.com Mon Feb 6 15:12:36 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Feb 6 15:12:44 2006 Subject: MailScanner lint errors? References: <43E650E2.7050805@rogers.com><43E65582.6040709@ecs.soton.ac.uk><43E65C25.7000809@rogers.com><00ac01c62b26$647293e0$0705000a@DDF5DW71><41671272-FEDB-4164-A786-3FA2418554D1@ecs.soton.ac.uk><019601c62b2a$421e2350$0705000a@DDF5DW71> Message-ID: <011601c62b2f$c37f6080$0705000a@DDF5DW71> Seems to have done the trick. At least it doesn't report an error. Also, there were MailScanner processes running and 'waiting for' running after shutdown, so this is probably why the need for dual starts. Thanks Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Monday, February 06, 2006 9:42 AM Subject: Re: MailScanner lint errors? Please apply this patch to /usr/sbin/MailScanner and then try it again. -------------------------------------------------------------------------------- On 6 Feb 2006, at 14:33, Steve Campbell wrote: > Julian, > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Monday, February 06, 2006 9:13 AM > Subject: Re: MailScanner lint errors? > > >> -----BEGIN PGP SIGNED MESSAGE----- >> On 6 Feb 2006, at 14:05, Steve Campbell wrote: >>> Julian, >>> >>> I'm seeing the same with respect to the PID file. My conf file >>> points to /var/run/ and the file does exist. >> I'll take a look at this problem. What are your "Run As User" and >> "Run As Group" set to? > > These are set to , nothing. The PID file is owned by root.root. > > This does not seem to affect anything and MS runs with the error. > > >>> I'm also seeing the dual restart problem, where I am required to >>> start MS twice if I stop it. I alway need to 'killall sendmail', >>> but this doesn't cause the need to start MS twice. There are no >>> sendmail processes running before I start MS. There are no log >>> errors, it just doesn't start. I just thought I would mention >>> this off-thread part in case it might have something to do with >>> the PID problem. >> Most likely cause is not waiting long enough between stopping and >> starting. If there are any MailScanner processes still clearing >> up, then it won't start. >> Just restarting it again will extend the delay. > > I'll check the MailScanner processes before the next manual restarts. > > Thanks again. (I can never say that enough to you, Mr. Field) > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > >>> >>> MS 4.50-15 >>> MailWatch 1.0.3 >>> SA 3.10 (or whatever was the latest as of last week) >>> Tao Linux 1.0 Update 6 >>> >>> Thanks. >>> >>> Steve Campbell >>> campbell@cnpapers.com >>> Charleston Newspapers >>> >>> >>> >>> ----- Original Message ----- From: "Gerry Doris" >>> To: "MailScanner discussion" >>> Sent: Sunday, February 05, 2006 3:12 PM >>> Subject: Re: MailScanner lint errors? >>> >>> >>>> Julian Field wrote: >>>>> I strongly suspect that none are relevant, apart from the >>>>> Cannot write pid file error. Check this is set to something in >>>>> your MailScanner.conf file. >>>> >>>> I checked MailScanner.conf and the MailScanner PID is set to / >>>> var/ run/MailScanner.pid The file is really there and is being >>>> used. >>>> >>>> Like I said, there are no errors in any logs and mail is being >>>> sent and received. It was working but I can't remember the >>>> last time I tried it. >>>> >>>> I'm using the latest MailWatch. Would that be confusing the >>>> MailScanner lint operation? >>>> >>>> >>>>> >>>>> Gerry Doris wrote: >>>>> >>>>>> I've started seeing errors after running MailScanner --lint >>>>>> which I haven't seen before. >>>>>> >>>>>> I was running 4.50.10 and decided to upgrade to 4.50.15 >>>>>> today. Everything went well and MailScanner is working >>>>>> properly. I see no errors in any of the logs. Mail is being >>>>>> accepted and delivered. >>>>>> >>>>>> MailScanner -v runs without errors but when I run MailScanner >>>>>> -- lint I get the following: >>>>>> >>>>>> [root@tiger MailScanner]# MailScanner --lint >>>>>> Read 701 hostnames from the phishing whitelist >>>>>> Config: calling custom init function SQLBlacklist >>>>>> Config: calling custom init function MailWatchLogging >>>>>> Config: calling custom init function SQLWhitelist >>>>>> Cannot write pid file , No such file or directory at /usr/ >>>>>> sbin/ MailScanner line 1238 >>>>>> Checking for SpamAssassin errors (if you use it)... >>>>>> Using SpamAssassin results cache >>>>>> Connected to SpamAssassin cache database >>>>>> SpamAssassin reported no errors. >>>>>> >>>>>> MailScanner.conf says "Virus Scanners = clamavmodule f-prot >>>>>> trend bitdefender" >>>>>> >>>>>> Use of uninitialized value in split at /usr/lib/MailScanner/ >>>>>> MailScanner/SweepViruses.pm line 2879. >>>>>> Use of uninitialized value in concatenation (.) or string at / >>>>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>>>> Use of uninitialized value in concatenation (.) or string at / >>>>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>>>> Can't exec "-IsItInstalled": No such file or directory at / >>>>>> usr/ lib/MailScanner/MailScanner/SweepViruses.pm line 2882. >>>>>> ...snip >>>>>> the above is repeated 5 more times >>>>>> ...snip >>>>>> >>>>>> Found these virus scanners installed: bitdefender, f-prot, >>>>>> clamavmodule, trend >>>>> >>>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> - -- Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.4 (Build 4042) >> iQEVAwUBQ+dZgvw32o+k+q+hAQG61AgAmQhhlnMY2x1Ze2Sxm4bXrwuLancKv54G >> leY3Aj+Ac/AJVdkqGGHUGSRb6f0xn0YD/XTvJY6lcISunvKF7ofukk4KgKoHyEgJ >> R0HSwASUqal52vcYBsJwfRf5ppx9ytaX5vfqyfJieqg+CpD2X8TAcEa+Rqu7V7ZP >> 7oOBU+RMsdzMJeh8qlxX8ivpEQnd5EEeQOAaMEKmUYqm/tePystfvRQCo9sQjthU >> wEcpp9+mpRGKTR8lzvXEQ1SZApThNhZ+PQxPGBLUQee3GhqFd4dzAEFpcJ6xINYc >> 6QcfT2Zg5fZsmI9Gs+jD7RXCShLgI/8+YbE9L/Ogfg+6crMQbK15Kg== >> =0kyC >> -----END PGP SIGNATURE----- >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> Before posting, read http://wiki.mailscanner.info/posting >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------------------------------------------------------------- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From realmcking at gmail.com Mon Feb 6 15:15:40 2006 From: realmcking at gmail.com (Mark McCoy) Date: Mon Feb 6 15:15:44 2006 Subject: http://cme.mitre.org/index.html In-Reply-To: <43E3E330.4070006@crackerbarrel.com> References: <01ee01c62384$212adbf0$6500a8c0@kdinet.local> <43DA91F8.6080809@ecs.soton.ac.uk> <43E3E330.4070006@crackerbarrel.com> Message-ID: On 2/3/06, Carl Andrews wrote: > I just ran across this site and thought others on this list might find > it useful. With all of the different AV engines we use, it is nice to > see a place where all of the different names/aliases for each are > identified. > > > http://cme.mitre.org/index.html > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Nice. -- Mark McCoy -- Professional Unix geek "On two occasions I have been asked, 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. " -- Charles Babbage From bpumphrey at WoodMacLaw.com Mon Feb 6 15:16:45 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Mon Feb 6 15:16:49 2006 Subject: OT: Win32/Mywife.E@mm Message-ID: <04D932B0071FE34FA63EBB1977B48D15C2BD7B@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jim Holland > Sent: Saturday, February 04, 2006 8:27 AM > To: MailScanner discussion > Subject: RE: OT: Win32/Mywife.E@mm > > Someone wrote: > > > > > Naturally as long as everything is up to date things should be ok. > > > > People don't really know that a virus is going to happen before it > does > > > > do they? > > > > Only if the bug has a timer/date trigger in them. They get installed, > > > then lie in wait, and BAM do nasty things later. Once detected early, > > > we effectively reverse engineer the virus code, know that the virus > will > > > trigger in the future, thus know it's going to happen before. Once > users > > > update their scanning softs they can be assured the bug will be > > > eradicated before they trigger. > > > > The media is a funny animal, they latch onto these bugs seemingly at > > > random, spreading doom and gloom, when we techs know that new bugs are > > > a daily occurrence, and are quickly and quietly squished by anti-virus > > > community. > > Of course the media loves to hype these things, but I think that this was > a valid case for some extra attention. Not only was the worm particularly > destructive (just one single infected machine on a network could have > destroyed all files in a shared folder on a file server that the machine > had access to), but early copies did manage to get through the virus > scanners and MailScanner itself. I have not come across that situation > since the Bagle worm with its password-protected zip files. > > Because we log the attachments that are sent to users we were able to > determine that 6 of our 2500 members had received copies of the virus in > uuencoded form. One of those 6 then opened the attachment with WinZip and > got infected as a result. Fortunately we were able to clean up their > infection before Friday, so no damage was done. > > I think the media hype was a useful wakeup call to ordinary users to get > them to update their antivirus software and to keep backups on separate > media. > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > Good call and thanks for the responses guys. From cobalt-users1 at fishnet.co.uk Mon Feb 6 15:56:39 2006 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Mon Feb 6 15:54:22 2006 Subject: Process did not exit cleanly, returned 255 with signal 0 Message-ID: <43E771B7.31654.81EC448B@cobalt-users1.fishnet.co.uk> Hi, I get this error in /var/log/messages after upgrading MailScanner to the latest version: root: Process did not exit cleanly, returned 255 with signal 0 [root@host ~]# MailScanner -v Running on Linux host 2.6.12-1.1376_FC3 #1 Fri Aug 26 23:27:26 EDT 2005 i686 i686 i386 GNU/Linux This is Fedora Core release 3 (Heidelberg) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.50.15 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.08 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.810 DB_File 1.11 DBD::SQLite 1.50 DBI 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.49 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI I am running MailScanner with sendmail and using f-prot for virus scanning. At the moment all virus scanning is off and only SpamAssassin checks are on. SpamAssassin cache is off. Can someone pleas explain how I can debug this further? There is also one spam message stuck in my incoming queue directory, I can forward a copy if any wants it. Thanks Ian -- From mailscanner at PDSCC.COM Mon Feb 6 16:24:00 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Mon Feb 6 16:24:05 2006 Subject: procedures for getting stuff out of the quarantine on older MS version In-Reply-To: References: <200507021155.EAA08363@sheridan.sibble.net> Message-ID: <200602100349.TAA26624@sheridan.sibble.net> Julian, did this ever get implemented? I don't see anything in the wiki about this... On 30 Jun 2005 at 11:48, Julian Field wrote: > What may be some use is a system we are working on here that will > allow users to retrieve files from the quarantine, with a sysadmin > approving or denying each case given the relevant log entries to look > at. > > This may be the solution for you. The guys working on it are busy > with other things today, but I would hope this system will be up and > running within the next couple of weeks or so. So version 1 will be > out then, and we will develop and improve the system once we start > using it in production. > > This will be available free from www.mailscanner.info. > > On 30 Jun 2005, at 07:28, Harondel J. Sibble wrote: > > > Forgot to mention, this is a mail relay box/frontend for the > > internal Samsung > > Contact machine that hosts all the mail and mail accounts. > > > > On 29 Jun 2005 at 23:21, Harondel J. Sibble wrote: > > > > > >> Have a mail relay box running an older version of MS, 4.25-14 to > >> be exact, > >> plans are to upgrade it in the next few weeks to the latest > >> version, however, > >> one small problem, wondering how other folks solved this, had a > >> look at the > >> maq's and faq's but didn't see anything specific to this: > >> > > > > -- > > Harondel J. Sibble > > Sibble Computer Consulting > > Creating solutions for the small business and home computer user. > > help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com > > (604) 739-3709 (voice/fax) (604) 686-2253 (pager) > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From listacct at tulsaconnect.com Mon Feb 6 16:37:54 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Mon Feb 6 16:37:50 2006 Subject: 4.50.15 - Big problems on FreeBSD / exim In-Reply-To: References: Message-ID: <43E77B62.20805@tulsaconnect.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > I have just released a new beta 4.50.12. See the Change Log for all > the details, it's getting pretty long this month. > > 1 particular feature I would like you to test for me: please set > Virus Scanners = auto > and see what it does. > > Thanks guys! We upgraded to 4.50.15 (from 4.47.4, which has been running fine) last night on our (4) MailScanner boxes. They are running FreeBSD 4.9 (a few 4.10) with 2GB of RAM and (1) 36GB 15KRPM SCSI drive. We run exim as the MTA (version 4.34) with a split spool. We use 3 different A/V scanners (mcafee, f-prot, and kaspersky) and have SpamAssassin 3.1.0 installed w/Perl 5.8.2. We load balance the incoming load via multiple DNS A-records, which has always worked fine. Anyway, after the upgrade, performance went down big time, and all of the boxes eventually died with an "out of swap space" type message (I did check that the disk has plenty of free space after a hard reboot to get the box back up and responsive). I'm still investigating (we've reverted back to 4.47.4 and are working our way through the 80,000 message backlog) but I thought I would report it ASAP. I did have the new SpamAssassin caching turned on, but other than that, I did not make any changes to my MailScanner.conf compared to the previous version. I did install the latest DBI and DBD::SqlLite via CPAN without a problem. We have MailScanner doing the RBL lookups against various DNSBLs, and it doesn't pass it to SA if it his a RBL. We have a copy of djbdns's dnscache running locally on each box for DNS lookup speed. If it does pass a RBL check, SA does do its normal amount of checking, including SURBL lookups. I do have a few rulesets I got from Rules De Jour installed and working, and I do use the "Is Definitely Not Spam = &ByDomainSpamWhitelist" for whitelist lookups. Once we catch up on the queue, I'll try and turn on debugging to see what the issue is. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From gmane at tippingmar.com Mon Feb 6 02:36:04 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Mon Feb 6 16:43:32 2006 Subject: MajorSophos update Message-ID: <43E6B614.4010603@tippingmar.com> According to the Sophos release notes: "There are two versions provided for Linux/Intel (libc6). Older libc6 systems should use the Linux on Intel (using libc6) version. This will work on systems with glibc 2.0 and 2.1. Newer libc6 systems with glibc 2.2 or above should use the glibc 2.2 tarball; this incorporates new features such as large file support and improved multi-threading capabilities." I guess this has been true for some time, but I have been happily (blindly?) using the older libc6 version with no problems on systems that could be using the glibc2.2 version. I recently switched to the glibc2.2 version though and had to tweak MajorSophos a bit to get it working. (MajorSophos is a shell script that downloads and installs the latest sophos program, usually run from cron once per month. MailScanner takes care of the hourly IDE updates.) The updated MajorSophos is available at http://www.tippingmar.com/majorsophos This version downloads and installs sophos for glibc2.2 by default but still has the older download file indicated in a comment line. It also has more complete version reporting since sophos now versions the product, engine, and virus data separately. It also unpacks the downloaded file before calling MailScanner's sophos installation script, since that script only unpacks the older libc6 version. Mark Nienberg Tipping Mar + associates Berkeley, CA From help at pdscc.com Mon Feb 6 16:23:27 2006 From: help at pdscc.com (Harondel J. Sibble) Date: Mon Feb 6 16:43:44 2006 Subject: procedures for getting stuff out of the quarantine on older MS version In-Reply-To: References: <200507021155.EAA08363@sheridan.sibble.net> Message-ID: <200602100348.TAA26615@sheridan.sibble.net> Julian, did this ever get implemented? I don't see anything in the wiki about this... On 30 Jun 2005 at 11:48, Julian Field wrote: > What may be some use is a system we are working on here that will > allow users to retrieve files from the quarantine, with a sysadmin > approving or denying each case given the relevant log entries to look > at. > > This may be the solution for you. The guys working on it are busy > with other things today, but I would hope this system will be up and > running within the next couple of weeks or so. So version 1 will be > out then, and we will develop and improve the system once we start > using it in production. > > This will be available free from www.mailscanner.info. > > On 30 Jun 2005, at 07:28, Harondel J. Sibble wrote: > > > Forgot to mention, this is a mail relay box/frontend for the > > internal Samsung > > Contact machine that hosts all the mail and mail accounts. > > > > On 29 Jun 2005 at 23:21, Harondel J. Sibble wrote: > > > > > >> Have a mail relay box running an older version of MS, 4.25-14 to > >> be exact, > >> plans are to upgrade it in the next few weeks to the latest > >> version, however, > >> one small problem, wondering how other folks solved this, had a > >> look at the > >> maq's and faq's but didn't see anything specific to this: > >> > > > > -- > > Harondel J. Sibble > > Sibble Computer Consulting > > Creating solutions for the small business and home computer user. > > help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com > > (604) 739-3709 (voice/fax) (604) 686-2253 (pager) > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From ius at rbrana.co.id Mon Feb 6 01:00:20 2006 From: ius at rbrana.co.id (ius) Date: Mon Feb 6 16:43:51 2006 Subject: dcc failure Message-ID: <43E69FA4.1020404@rbrana.co.id> Dear mailscanner, I got this error messages when do the spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf. My DCC installed properly and placed where it should be [7934] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc [7934] warn: config: failed to parse line, skipping: dcc_home /var/dcc Does anyone know what it is ? Thanks alot ius -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Feb 6 16:46:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 16:46:18 2006 Subject: procedures for getting stuff out of the quarantine on older MS version In-Reply-To: <200602100349.TAA26624@sheridan.sibble.net> References: <200507021155.EAA08363@sheridan.sibble.net> <200602100349.TAA26624@sheridan.sibble.net> Message-ID: <43E77D59.1030007@ecs.soton.ac.uk> It's finally in beta-testing. The guy who wrote it rather tailored it to our site unfortunately. I'll let you know when there is something presentable for you. Harondel J. Sibble wrote: > Julian, did this ever get implemented? I don't see anything in the wiki about > this... > > On 30 Jun 2005 at 11:48, Julian Field wrote: > > >> What may be some use is a system we are working on here that will >> allow users to retrieve files from the quarantine, with a sysadmin >> approving or denying each case given the relevant log entries to look >> at. >> >> This may be the solution for you. The guys working on it are busy >> with other things today, but I would hope this system will be up and >> running within the next couple of weeks or so. So version 1 will be >> out then, and we will develop and improve the system once we start >> using it in production. >> >> This will be available free from www.mailscanner.info. >> >> On 30 Jun 2005, at 07:28, Harondel J. Sibble wrote: >> >> >>> Forgot to mention, this is a mail relay box/frontend for the >>> internal Samsung >>> Contact machine that hosts all the mail and mail accounts. >>> >>> On 29 Jun 2005 at 23:21, Harondel J. Sibble wrote: >>> >>> >>> >>>> Have a mail relay box running an older version of MS, 4.25-14 to >>>> be exact, >>>> plans are to upgrade it in the next few weeks to the latest >>>> version, however, >>>> one small problem, wondering how other folks solved this, had a >>>> look at the >>>> maq's and faq's but didn't see anything specific to this: >>>> >>>> >>> -- >>> Harondel J. Sibble >>> Sibble Computer Consulting >>> Creating solutions for the small business and home computer user. >>> help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com >>> (604) 739-3709 (voice/fax) (604) 686-2253 (pager) >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Feb 6 16:51:27 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 16:51:26 2006 Subject: 4.50.15 - Big problems on FreeBSD / exim In-Reply-To: <43E77B62.20805@tulsaconnect.com> References: <43E77B62.20805@tulsaconnect.com> Message-ID: <43E77E8F.5000300@ecs.soton.ac.uk> TCIS List Acct wrote: > > > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> I have just released a new beta 4.50.12. See the Change Log for all >> the details, it's getting pretty long this month. >> >> 1 particular feature I would like you to test for me: please set >> Virus Scanners = auto >> and see what it does. >> >> Thanks guys! > > We upgraded to 4.50.15 (from 4.47.4, which has been running fine) last > night on our (4) MailScanner boxes. They are running FreeBSD 4.9 (a > few 4.10) with 2GB of RAM and (1) 36GB 15KRPM SCSI drive. We run exim > as the MTA (version 4.34) with a split spool. We use 3 different A/V > scanners (mcafee, f-prot, and kaspersky) and have SpamAssassin 3.1.0 > installed w/Perl 5.8.2. We load balance the incoming load via > multiple DNS A-records, which has always worked fine. > > Anyway, after the upgrade, performance went down big time, and all of > the boxes eventually died with an "out of swap space" type message (I > did check that the disk has plenty of free space after a hard reboot > to get the box back up and responsive). I'm still investigating > (we've reverted back to 4.47.4 and are working our way through the > 80,000 message backlog) but I thought I would report it ASAP. > > I did have the new SpamAssassin caching turned on, but other than > that, I did not make any changes to my MailScanner.conf compared to > the previous version. I did install the latest DBI and DBD::SqlLite > via CPAN without a problem. The only thing I can think of is the SpamAssassin cache. Try switching it off and see if performance improves. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Mon Feb 6 16:52:35 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 6 16:52:43 2006 Subject: dcc failure In-Reply-To: <43E69FA4.1020404@rbrana.co.id> References: <43E69FA4.1020404@rbrana.co.id> Message-ID: <223f97700602060852r3238fd76t@mail.gmail.com> On 06/02/06, ius wrote: > Dear mailscanner, > > I got this error messages when do the spamassassin -D --lint -p > /etc/MailScanner/spam.assassin.prefs.conf. My DCC installed properly and > placed where it should be > > [7934] warn: config: failed to parse line, skipping: dcc_path > /usr/local/bin/dccproc > [7934] warn: config: failed to parse line, skipping: dcc_home /var/dcc > > Does anyone know what it is ? > > Thanks alot > ius What MailScanner and Spamassassin versions do you have? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From David.While at uce.ac.uk Mon Feb 6 16:54:03 2006 From: David.While at uce.ac.uk (David While) Date: Mon Feb 6 16:54:09 2006 Subject: dcc failure Message-ID: <294B4B3243E76C4BA4FF7F54003B3BE1EFAD98@exchangea.staff.uce.ac.uk> Search the list archive - this has been answered before!! I think it is something to do with init.pre and having to remove the comments from the dcc plugin load statement. -------------------------------------------- David While BSc CEng MBCS CITP Department of Computing University of Central England Tel: 0121 331 6211 -------------------------------------------- -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of ius Sent: 06 February 2006 01:00 To: MailScanner mailing list Subject: dcc failure Dear mailscanner, I got this error messages when do the spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf. My DCC installed properly and placed where it should be [7934] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc [7934] warn: config: failed to parse line, skipping: dcc_home /var/dcc Does anyone know what it is ? Thanks alot ius -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martinh at solid-state-logic.com Mon Feb 6 17:08:59 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Feb 6 17:09:06 2006 Subject: 4.50.15 - Big problems on FreeBSD / exim In-Reply-To: <43E77E8F.5000300@ecs.soton.ac.uk> Message-ID: <018e01c62b40$05394b20$3004010a@martinhlaptop> Another thing that might have got you is permission on the new SA cache. Make sure the exim user (mailnull????) can write to the file and directory. I *think* it gets created by the install routine, but that may be for the wrong user of you run an MTA like exim or PF that doesn't normally run as root. I'm running all this on FBSD no problems.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 06 February 2006 16:51 > To: MailScanner discussion > Subject: Re: 4.50.15 - Big problems on FreeBSD / exim > > > > TCIS List Acct wrote: > > > > > > Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> I have just released a new beta 4.50.12. See the Change Log for all > >> the details, it's getting pretty long this month. > >> > >> 1 particular feature I would like you to test for me: please set > >> Virus Scanners = auto > >> and see what it does. > >> > >> Thanks guys! > > > > We upgraded to 4.50.15 (from 4.47.4, which has been running fine) last > > night on our (4) MailScanner boxes. They are running FreeBSD 4.9 (a > > few 4.10) with 2GB of RAM and (1) 36GB 15KRPM SCSI drive. We run exim > > as the MTA (version 4.34) with a split spool. We use 3 different A/V > > scanners (mcafee, f-prot, and kaspersky) and have SpamAssassin 3.1.0 > > installed w/Perl 5.8.2. We load balance the incoming load via > > multiple DNS A-records, which has always worked fine. > > > > Anyway, after the upgrade, performance went down big time, and all of > > the boxes eventually died with an "out of swap space" type message (I > > did check that the disk has plenty of free space after a hard reboot > > to get the box back up and responsive). I'm still investigating > > (we've reverted back to 4.47.4 and are working our way through the > > 80,000 message backlog) but I thought I would report it ASAP. > > > > I did have the new SpamAssassin caching turned on, but other than > > that, I did not make any changes to my MailScanner.conf compared to > > the previous version. I did install the latest DBI and DBD::SqlLite > > via CPAN without a problem. > The only thing I can think of is the SpamAssassin cache. Try switching > it off and see if performance improves. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From naolson at gmail.com Mon Feb 6 17:10:38 2006 From: naolson at gmail.com (Nathan Olson) Date: Mon Feb 6 17:10:41 2006 Subject: dcc failure In-Reply-To: <43E69FA4.1020404@rbrana.co.id> References: <43E69FA4.1020404@rbrana.co.id> Message-ID: <8f54b4330602060910s341579fcna102d87191769f68@mail.gmail.com> If you're using SA 3.1.0 you need to have the DCC plugin loaded. Nate From Edge at twu.ca Mon Feb 6 17:21:32 2006 From: Edge at twu.ca (Richard Edge) Date: Mon Feb 6 17:21:38 2006 Subject: ALL_TRUSTED problems Message-ID: Hi Julian, I tried your suggestion late on Friday, but I am still having the same problem. SA --lint still indicates that the file mailscanner.cf is being loaded and used and it does detect errors if I deliberately create a syntax error for a directive. Not only does it not recognize my 'score ALL_TRUSTED 0', but it seems to ignore most of the other directives such as the 'score BAYES_....' modified scores. While ALL_TRUSTED does not seem to fire as often as it used to, it is still giving false positives. Our two gateways are NAT'ed by the way. It also ignores any of my 'trusted_networks' entries. Another issue is with the DCC and Pyzor tests. I have them properly installed and spamassassin --lint sees them and tells me they are working, but I do not see any references to DCC or Pyzor tests in maillog. Spamassassin --lint does recognize the change when I turn these two test off and then on again through mailscanner.cf. I have attached the entire output from lint in sa-lint.txt. Maybe someone can see something I am missing. Any other ideas? Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, February 02, 2006 11:21 AM To: MailScanner discussion Subject: Re: ALL_TRUSTED problems If that is what you want to do, then do a locate SpamAssassin.pm and delete it and re-install SpamAssassin 3.1.0. Richard Edge wrote: > In my situation, I am already at SA 3.1.0. Should I try something > drastic like uninstalling SA and doing a new install or forcing an > install over the existing installation. If so what is the best way to > proceed. > > Richard Edge > Senior Systems Administrator | Technology Services Trinity Western > University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > Kettler > Sent: Thursday, February 02, 2006 10:34 AM > To: MailScanner discussion > Subject: Re: ALL_TRUSTED problems > > Scott Silva wrote: > >> dnsadmin 1bigthink.com spake the following on 2/2/2006 8:08 AM: >> >>> At 07:59 PM 2/1/2006, you wrote: >>> >>> debug: SpamAssassin version 3.0.3 >>> Thanks, >>> Glenn Parsons >>> >> Have you considered upgrading to spamassassin 3.1.0? >> > > > Or at least upgrade to 3.0.5. All other version of SA 3.0 have MAJOR > bugs in the ALL_TRUSTED code. 3.0.5 has a back-port of 3.1.0's > algorithm, which deals better with parsing problems. > > > 3.0.0-3.0.4 - ALL_TRUSTED = no untrusted relays. > > 3.0.5-3.1.0 - ALL_TRUSTED = at least 1 trusted relay, no untrusted > relays and no unparseable relays. > > The version in 3.0.0-3.0.4 will false-fire with ALL_TRUSTED if there > are no parseable headers. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- [22282] dbg: logger: adding facilities: all [22282] dbg: logger: logging level is DBG [22282] dbg: generic: SpamAssassin version 3.1.0 [22282] dbg: config: score set 0 chosen. [22282] dbg: util: running in taint mode? yes [22282] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [22282] dbg: util: PATH included '/usr/kerberos/sbin', keeping [22282] dbg: util: PATH included '/usr/kerberos/bin', keeping [22282] dbg: util: PATH included '/usr/local/sbin', keeping [22282] dbg: util: PATH included '/usr/local/bin', keeping [22282] dbg: util: PATH included '/sbin', keeping [22282] dbg: util: PATH included '/bin', keeping [22282] dbg: util: PATH included '/usr/sbin', keeping [22282] dbg: util: PATH included '/usr/bin', keeping [22282] dbg: util: PATH included '/usr/X11R6/bin', keeping [22282] dbg: util: PATH included '/root/bin', which doesn't exist, dropping [22282] dbg: util: final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin [22282] dbg: dns: is Net::DNS::Resolver available? yes [22282] dbg: dns: Net::DNS version: 0.55 [22282] dbg: dns: name server: 10.10.118.4, family: 2, ipv6: 0 [22282] dbg: diag: perl platform: 5.008 linux [22282] dbg: diag: module installed: Digest::SHA1, version 2.10 [22282] dbg: diag: module installed: Net::DNS, version 0.55 [22282] dbg: diag: module installed: Net::SMTP, version 2.29 [22282] dbg: diag: module installed: Mail::SPF::Query, version 1.997 [22282] dbg: diag: module installed: IP::Country::Fast, version 309.002 [22282] dbg: diag: module installed: Razor2::Client::Agent, version 2.77 [22282] dbg: diag: module installed: Net::Ident, version 1.20 [22282] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) [22282] dbg: diag: module installed: IO::Socket::SSL, version 0.96 [22282] dbg: diag: module installed: Time::HiRes, version 1.86 [22282] dbg: diag: module installed: DBI, version 1.50 [22282] dbg: diag: module installed: Getopt::Long, version 2.32 [22282] dbg: diag: module installed: LWP::UserAgent, version 2.033 [22282] dbg: diag: module installed: HTTP::Date, version 1.47 [22282] dbg: diag: module installed: Archive::Tar, version 1.26 [22282] dbg: diag: module installed: IO::Zlib, version 1.04 [22282] dbg: diag: module installed: DB_File, version 1.810 [22282] dbg: diag: module installed: HTML::Parser, version 3.48 [22282] dbg: diag: module installed: MIME::Base64, version 3.05 [22282] dbg: ignore: using a test message to lint rules [22282] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [22282] dbg: config: read file /etc/mail/spamassassin/init.pre [22282] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [22282] dbg: config: using "/usr/share/spamassassin" for default rules dir [22282] dbg: config: read file /usr/share/spamassassin/10_misc.cf [22282] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [22282] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf [22282] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [22282] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [22282] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [22282] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [22282] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf [22282] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf [22282] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf [22282] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf [22282] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf [22282] dbg: config: read file /usr/share/spamassassin/20_phrases.cf [22282] dbg: config: read file /usr/share/spamassassin/20_porn.cf [22282] dbg: config: read file /usr/share/spamassassin/20_ratware.cf [22282] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf [22282] dbg: config: read file /usr/share/spamassassin/23_bayes.cf [22282] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf [22282] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf [22282] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf [22282] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf [22282] dbg: config: read file /usr/share/spamassassin/25_dcc.cf [22282] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf [22282] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf [22282] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf [22282] dbg: config: read file /usr/share/spamassassin/25_razor2.cf [22282] dbg: config: read file /usr/share/spamassassin/25_replace.cf [22282] dbg: config: read file /usr/share/spamassassin/25_spf.cf [22282] dbg: config: read file /usr/share/spamassassin/25_textcat.cf [22282] dbg: config: read file /usr/share/spamassassin/25_uribl.cf [22282] dbg: config: read file /usr/share/spamassassin/30_text_de.cf [22282] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf [22282] dbg: config: read file /usr/share/spamassassin/30_text_it.cf [22282] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf [22282] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf [22282] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf [22282] dbg: config: read file /usr/share/spamassassin/50_scores.cf [22282] dbg: config: read file /usr/share/spamassassin/60_awl.cf [22282] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf [22282] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [22282] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf [22282] dbg: config: using "/etc/mail/spamassassin" for site rules dir [22282] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf [22282] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf [22282] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum1.cf [22282] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum2.cf [22282] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu0.cf [22282] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf [22282] dbg: config: read file /etc/mail/spamassassin/70_sare_spoof.cf [22282] dbg: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf [22282] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf [22282] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf [22282] dbg: config: read file /etc/mail/spamassassin/local.cf [22282] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [22282] dbg: config: using "/root/.spamassassin" for user state dir [22282] dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file [22282] dbg: config: read file /root/.spamassassin/user_prefs [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [22282] dbg: dcc: network tests on, registering DCC [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::DCC=HASH(0x915b894) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [22282] dbg: pyzor: network tests on, attempting Pyzor [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0xa2a124c) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [22282] dbg: reporter: network tests on, attempting SpamCop [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0xa2f09f0) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0xa2b113c) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0xa2d4478) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0xa2d4eec) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0xa2d5b88) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xa2d6c08) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xa2d7484) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0xa37a224) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa3b0b48) [22282] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i [22282] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i [22282] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i [22282] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i [22282] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i [22282] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i [22282] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i [22282] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xa2d6c08) implements 'finish_parsing_end' [22282] dbg: replacetags: replacing tags [22282] dbg: replacetags: done replacing tags [22282] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks [22282] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen [22282] dbg: bayes: found bayes db version 3 [22282] dbg: bayes: DB journal sync: last sync: 1139246302 [22282] dbg: config: score set 3 chosen. [22282] dbg: message: ---- MIME PARSER START ---- [22282] dbg: message: main message type: text/plain [22282] dbg: message: parsing normal part [22282] dbg: message: added part, type: text/plain [22282] dbg: message: ---- MIME PARSER END ---- [22282] dbg: dns: dns_available set to yes in config file, skipping test [22282] dbg: metadata: X-Spam-Relays-Trusted: [22282] dbg: metadata: X-Spam-Relays-Untrusted: [22282] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xa2d7484) implements 'extract_metadata' [22282] dbg: metadata: X-Relay-Countries: [22282] dbg: message: no encoding detected [22282] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa3b0b48) implements 'parsed_metadata' [22282] dbg: uridnsbl: domains to query: [22282] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl-notfirsthop [22282] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted [22282] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl [22282] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted [22282] dbg: dns: checking RBL combined.njabl.org., set njabl-notfirsthop [22282] dbg: dns: checking RBL combined.njabl.org., set njabl [22282] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois [22282] dbg: dns: checking RBL list.dsbl.org., set dsbl-notfirsthop [22282] dbg: dns: checking RBL bl.spamcop.net., set spamcop [22282] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted [22282] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois-notfirsthop [22282] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-notfirsthop [22282] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs [22282] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted [22282] dbg: check: running tests for priority: 0 [22282] dbg: rules: running header regexp tests; score so far=0 [22282] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [22282] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1139246387@lint_rules> [22282] dbg: rules: " [22282] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [22282] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "ignore@compiling.spamassassin.taint.org [22282] dbg: rules: " [22282] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1139246387" [22282] dbg: plugin: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0xa37a224)) [22282] dbg: spf: message was delivered entirely via trusted relays, not required [22282] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [22282] dbg: plugin: registering glue method for check_subject_in_blacklist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0xa2d4eec)) [22282] dbg: eval: all '*To' addrs: [22282] dbg: plugin: registering glue method for check_for_spf_neutral (Mail::SpamAssassin::Plugin::SPF=HASH(0xa37a224)) [22282] dbg: spf: message was delivered entirely via trusted relays, not required [22282] dbg: plugin: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0xa37a224)) [22282] dbg: rules: ran eval rule NO_RELAYS ======> got hit [22282] dbg: plugin: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0xa37a224)) [22282] dbg: plugin: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0xa37a224)) [22282] dbg: plugin: registering glue method for check_for_def_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0xa37a224)) [22282] dbg: spf: cannot get Envelope-From, cannot use SPF [22282] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [22282] dbg: plugin: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0xa37a224)) [22282] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit [22282] dbg: plugin: registering glue method for check_subject_in_whitelist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0xa2d4eec)) [22282] dbg: plugin: registering glue method for check_for_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0xa37a224)) [22282] dbg: spf: spf_whitelist_from: could not find useable envelope sender [22282] dbg: rules: running body-text per-line regexp tests; score so far=0.96 [22282] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [22282] dbg: uri: running uri tests; score so far=0.96 [22282] dbg: bayes: DB journal sync: last sync: 1139246302 [22282] dbg: bayes: corpus size: nspam = 92853, nham = 854129 [22282] dbg: bayes: score = 0.121500989732988 [22282] dbg: bayes: DB journal sync: last sync: 1139246302 [22282] dbg: bayes: untie-ing [22282] dbg: bayes: untie-ing db_toks [22282] dbg: bayes: untie-ing db_seen [22282] dbg: plugin: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa3b0b48)) [22282] dbg: rules: ran eval rule BAYES_20 ======> got hit [22282] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.22 [22282] dbg: rules: running full-text regexp tests; score so far=0.22 [22282] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plugin::Pyzor=HASH(0xa2a124c)) [22282] dbg: pyzor: pyzor is available: /usr/bin/pyzor [22282] dbg: info: entering helper-app run mode [22282] dbg: pyzor: opening pipe: /usr/bin/pyzor check < /tmp/.spamassassin22282pJYxu8tmp [22286] dbg: util: setuid: ruid=0 euid=0 [22282] dbg: pyzor: [22286] finished: exit=0x0100 [22282] dbg: pyzor: got response: 66.250.40.33:24441_(200, 'OK')_0_0 [22282] dbg: info: leaving helper-app run mode [22282] dbg: plugin: registering glue method for check_dcc (Mail::SpamAssassin::Plugin::DCC=HASH(0x915b894)) [22282] dbg: dcc: dccifd is available: /var/dcc/dccifd [22282] dbg: info: entering helper-app run mode [22282] dbg: dcc: dccifd got response: X-DCC-sonic.net-Metrics: mx10.twu.ca 1117; Body=73064 Fuz1=73064 Fuz2=176837 [22282] dbg: info: leaving helper-app run mode [22282] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa3b0b48) implements 'check_tick' [22282] dbg: check: running tests for priority: 500 [22282] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa3b0b48) implements 'check_post_dnsbl' [22282] dbg: rules: running meta tests; score so far=0.22 [22282] dbg: rules: running header regexp tests; score so far=2.166 [22282] dbg: rules: running body-text per-line regexp tests; score so far=2.166 [22282] dbg: uri: running uri tests; score so far=2.166 [22282] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.166 [22282] dbg: rules: running full-text regexp tests; score so far=2.166 [22282] dbg: check: running tests for priority: 1000 [22282] dbg: rules: running meta tests; score so far=2.166 [22282] dbg: rules: running header regexp tests; score so far=2.166 [22282] dbg: plugin: registering glue method for check_from_in_auto_whitelist (Mail::SpamAssassin::Plugin::AWL=HASH(0xa2b113c)) [22282] dbg: rules: running body-text per-line regexp tests; score so far=2.166 [22282] dbg: uri: running uri tests; score so far=2.166 [22282] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.166 [22282] dbg: rules: running full-text regexp tests; score so far=2.166 [22282] dbg: check: is spam? score=2.166 required=5 [22282] dbg: check: tests=BAYES_20,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [22282] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID From Edge at twu.ca Mon Feb 6 17:30:09 2006 From: Edge at twu.ca (Richard Edge) Date: Mon Feb 6 17:31:11 2006 Subject: ALL_TRUSTED problems Message-ID: Hi Scott, I tried your suggestion, but still no joy. Thanks anyways. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: Thursday, February 02, 2006 11:49 AM To: mailscanner@lists.mailscanner.info Subject: Re: ALL_TRUSTED problems > > The version in 3.0.0-3.0.4 will false-fire with ALL_TRUSTED if there > are no parseable headers. > -- This thread has gotten very confusing! I take it there are 2 people with a similar problem, but more than likely 2 different solutions. I had a problem with a spamassassin install sometime back where it was defaulting to looking for its rules in /usr/etc/mail/spamassassin. It took days to track this down. If you have this problem, I fixed it with a symlink from /usr/etc/mail/spamassassin pointing to /etc/mail/spamassassin. Maybe way off, but a guess s all I have... From listacct at tulsaconnect.com Mon Feb 6 17:45:56 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Mon Feb 6 17:45:51 2006 Subject: 4.50.15 - Big problems on FreeBSD / exim In-Reply-To: <018e01c62b40$05394b20$3004010a@martinhlaptop> References: <018e01c62b40$05394b20$3004010a@martinhlaptop> Message-ID: <43E78B54.6040709@tulsaconnect.com> Martin Hepworth wrote: > > Another thing that might have got you is permission on the new SA cache. > > Make sure the exim user (mailnull????) can write to the file and directory. > I *think* it gets created by the install routine, but that may be for the > wrong user of you run an MTA like exim or PF that doesn't normally run as > root. > > I'm running all this on FBSD no problems.. Yes, I checked that, and the file existed and the permissions were correct.. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From realmcking at gmail.com Mon Feb 6 17:48:09 2006 From: realmcking at gmail.com (Mark McCoy) Date: Mon Feb 6 17:48:12 2006 Subject: We need to do some cleanup in the wiki... In-Reply-To: <814A6FA0-5B3B-4E93-BA55-DBC23252D998@ecs.soton.ac.uk> References: <223f97700602060250y34bea22ak@mail.gmail.com> <814A6FA0-5B3B-4E93-BA55-DBC23252D998@ecs.soton.ac.uk> Message-ID: On 2/6/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- :snip: > One major thing that needs (re)-writing is a Solaris installation > guide. The current one (which I wrote a long time ago) is totally out > of date and useless. I might well just remove it completely. I have > someone doing a Solaris install at the moment, and being a newbie to > Solaris he is hitting every problem in the book. So hopefully his > writeup will be useful to other Solaris users. I am also a mailscanner newb installing on Solaris 9 and I would be glad to contribute my experiences. I have just today downloaded 4.5 onto my workstation to test how the setup works before installing it onto a test box. MS was recommended by my boss (he used it before at a previous job) as something to replace the existiing "that's-just-what-they-used-when-I-got-here" mimedefang filter. -- Mark McCoy -- Professional Unix geek "On two occasions I have been asked, 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. " -- Charles Babbage From Edge at twu.ca Mon Feb 6 18:03:35 2006 From: Edge at twu.ca (Richard Edge) Date: Mon Feb 6 18:03:46 2006 Subject: More problems than just ALL_TRusted Message-ID: Well it looks like I have a few other issues here that may or may not be part of my mailscanner.cf file not being read. I upgraded MailScanner this morning from 4.50.14-2 beta to 4.50.12 stable and now after running MailScanner --lint and --debug I am seeing some errors. I had run the debug option on previous installs of MailScanner (after every upgrade) without problems, but with this new version I am seeing errors I have never seen before. On mx10.twu.ca --lint shows: [root@mx10 root]# MailScanner --lint Could not read file /var/run/MailScanner.pid at /usr/lib/MailScanner/MailScanner/Config.pm line 2278 Error in line 157, file "/var/run/MailScanner.pid" for pidfile does not exist (or can not be read) at /usr/lib/MailScanner/MailScanner/Config.pm line 2440 Syntax error in line 1480, value "" for spamblacklist is not one of allowed values "yes","no" at /usr/lib/MailScanner/MailScanner/Config.pm line 2360 Syntax error in line 1473, value "" for spamwhitelist is not one of allowed values "yes","no" at /usr/lib/MailScanner/MailScanner/Config.pm line 2360 Possible syntax error on line 26 of /etc/MailScanner/filename.rules.conf at /usr/lib/MailScanner/MailScanner/Config.pm line 1274 Remember to separate fields with tab characters! at /usr/lib/MailScanner/MailScanner/Config.pm line 1276 Read 702 hostnames from the phishing whitelist Config: calling custom init function MailWatchLogging Cannot write pid file , No such file or directory at /usr/sbin/MailScanner line 1238 MailScanner setting GID to (89) MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database config: warning: score set for non-existent rule FUZZY_GUARANTEE config: warning: score set for non-existent rule FUZZY_BILLION config: warning: score set for non-existent rule FUZZY_XPILL config: warning: score set for non-existent rule FUZZY_PRESCRIPT config: warning: score set for non-existent rule FUZZY_SOFTWARE config: warning: score set for non-existent rule SUBJECT_FUZZY_TION config: warning: score set for non-existent rule FUZZY_PHARMACY config: warning: score set for non-existent rule FUZZY_TRAMADOL config: warning: score set for non-existent rule FUZZY_OFFERS config: warning: score set for non-existent rule SUBJECT_FUZZY_VPILL config: warning: score set for non-existent rule FUZZY_MEDICATION config: warning: score set for non-existent rule FUZZY_CREDIT config: warning: score set for non-existent rule FUZZY_THOUSANDS config: warning: score set for non-existent rule FUZZY_CPILL config: warning: score set for non-existent rule FUZZY_OBLIGATION config: warning: score set for non-existent rule SUBJECT_FUZZY_PENIS config: warning: score set for non-existent rule FUZZY_MONEY config: warning: score set for non-existent rule SUBJECT_FUZZY_MEDS config: warning: score set for non-existent rule FUZZY_CELEBREX config: warning: score set for non-existent rule FUZZY_FOLLOW config: warning: score set for non-existent rule FUZZY_PLEASE config: warning: score set for non-existent rule FUZZY_VICODIN config: warning: score set for non-existent rule FUZZY_ERECT config: warning: score set for non-existent rule FUZZY_VLIUM config: warning: score set for non-existent rule FUZZY_MILLION config: warning: score set for non-existent rule FUZZY_AFFORDABLE config: warning: score set for non-existent rule FUZZY_REMOVE config: warning: score set for non-existent rule FUZZY_ROLEX config: warning: score set for non-existent rule FUZZY_AMBIEN config: warning: score set for non-existent rule FUZZY_MORTGAGE config: warning: score set for non-existent rule FUZZY_PRICES config: warning: score set for non-existent rule FUZZY_REFINANCE config: warning: score set for non-existent rule FUZZY_VIOXX config: warning: score set for non-existent rule SUBJECT_FUZZY_CHEAP config: warning: score set for non-existent rule FUZZY_VPILL config: warning: score set for non-existent rule FUZZY_PHENT config: warning: score set for non-existent rule FUZZY_MILF SpamAssassin reported an error. MailScanner.conf says "Virus Scanners = clamavmodule mcafee" Found these virus scanners installed: clamavmodule, mcafee ------------------------- MailScanner --debug shows: -------------------------- In Debugging mode, not forking... Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1008. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1010. LibClamAV Warning: ******************************************************** LibClamAV Warning: *** This version of the ClamAV engine is outdated. *** LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html *** LibClamAV Warning: ******************************************************** Ignore errors about failing to find EOCD signature ---------------- And it freezes at the above line. On mx20.twu.ca MailScanner --lint and debug gives me: ---------------- [root@mx20 MailScanner]# MailScanner --lint Cannot open config file --lint, No such file or directory at /usr/lib/MailScanner/MailScanner/Config.pm line 597. Compilation failed in require at /usr/sbin/MailScanner line 67. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 67. ---------------- During the install (I used install.sh and RPM package) I didn't noticed any errors that would cause me to think there was a problem with the install. Now I am even more kerfuffled. I have upgrade from 4.37 with every new stable release and two of the 4.50 betas without any problems previously other then the ALL_TRUSTED issues I have a;ready reported. The odd thing is that email is being received, scanned and forwarded on to our Exchange servers fine. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology From listacct at tulsaconnect.com Mon Feb 6 18:12:21 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Mon Feb 6 18:12:16 2006 Subject: 4.50.15 - Big problems on FreeBSD / exim In-Reply-To: <43E77E8F.5000300@ecs.soton.ac.uk> References: <43E77B62.20805@tulsaconnect.com> <43E77E8F.5000300@ecs.soton.ac.uk> Message-ID: <43E79185.90401@tulsaconnect.com> Julian Field wrote: > The only thing I can think of is the SpamAssassin cache. Try switching > it off and see if performance improves. I see the problem now: PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU CPU COMMAND 49938 root -2 0 180M 112M getblk 0 0:02 17.57% 9.28% perl 49826 root -2 0 515M 262M getblk 0 0:04 9.73% 8.54% perl 49870 root 28 0 515M 266M pfault 2 0:04 10.66% 8.40% perl 49530 root -2 0 515M 423M getblk 2 0:06 7.99% 7.81% perl 49993 root 28 0 360M 181M pfault 0 0:01 9.32% 3.08% perl 50000 root 28 0 22572K 14708K pfault 0 0:00 19.48% 1.86% perl The perl processes are taking massive amounts of RAM on 4.50.15. I'll try turning off the SA caching and see if that makes any difference. FWIW: Summary of my perl5 (revision 5.0 version 8 subversion 2) configuration: Platform: osname=freebsd, osvers=4.9-release, archname=i386-freebsd -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From MailScanner at ecs.soton.ac.uk Mon Feb 6 18:16:32 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 18:16:41 2006 Subject: More problems than just ALL_TRusted In-Reply-To: References: Message-ID: <43E79280.4090003@ecs.soton.ac.uk> How many of these errors have you addressed? Ignore the ones about the pid file, I have fixed that today. But the others are ones you should address. Richard Edge wrote: > Well it looks like I have a few other issues here that may or may not be > part of my mailscanner.cf file not being read. I upgraded MailScanner > this morning from 4.50.14-2 beta to 4.50.12 stable and now after running > MailScanner --lint and --debug I am seeing some errors. I had run the > debug option on previous installs of MailScanner (after every upgrade) > without problems, but with this new version I am seeing errors I have > never seen before. > > On mx10.twu.ca --lint shows: > > [root@mx10 root]# MailScanner --lint > Could not read file /var/run/MailScanner.pid at > /usr/lib/MailScanner/MailScanner/Config.pm line 2278 > Error in line 157, file "/var/run/MailScanner.pid" for pidfile does not > exist (or can not be read) at /usr/lib/MailScanner/MailScanner/Config.pm > line 2440 > Syntax error in line 1480, value "" for spamblacklist is not one of > allowed values "yes","no" at /usr/lib/MailScanner/MailScanner/Config.pm > line 2360 > Syntax error in line 1473, value "" for spamwhitelist is not one of > allowed values "yes","no" at /usr/lib/MailScanner/MailScanner/Config.pm > line 2360 > Possible syntax error on line 26 of /etc/MailScanner/filename.rules.conf > at /usr/lib/MailScanner/MailScanner/Config.pm line 1274 > Remember to separate fields with tab characters! at > /usr/lib/MailScanner/MailScanner/Config.pm line 1276 > Read 702 hostnames from the phishing whitelist > Config: calling custom init function MailWatchLogging > Cannot write pid file , No such file or directory at > /usr/sbin/MailScanner line 1238 > MailScanner setting GID to (89) > MailScanner setting UID to (89) > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > config: warning: score set for non-existent rule FUZZY_GUARANTEE > config: warning: score set for non-existent rule FUZZY_BILLION > config: warning: score set for non-existent rule FUZZY_XPILL > config: warning: score set for non-existent rule FUZZY_PRESCRIPT > config: warning: score set for non-existent rule FUZZY_SOFTWARE > config: warning: score set for non-existent rule SUBJECT_FUZZY_TION > config: warning: score set for non-existent rule FUZZY_PHARMACY > config: warning: score set for non-existent rule FUZZY_TRAMADOL > config: warning: score set for non-existent rule FUZZY_OFFERS > config: warning: score set for non-existent rule SUBJECT_FUZZY_VPILL > config: warning: score set for non-existent rule FUZZY_MEDICATION > config: warning: score set for non-existent rule FUZZY_CREDIT > config: warning: score set for non-existent rule FUZZY_THOUSANDS > config: warning: score set for non-existent rule FUZZY_CPILL > config: warning: score set for non-existent rule FUZZY_OBLIGATION > config: warning: score set for non-existent rule SUBJECT_FUZZY_PENIS > config: warning: score set for non-existent rule FUZZY_MONEY > config: warning: score set for non-existent rule SUBJECT_FUZZY_MEDS > config: warning: score set for non-existent rule FUZZY_CELEBREX > config: warning: score set for non-existent rule FUZZY_FOLLOW > config: warning: score set for non-existent rule FUZZY_PLEASE > config: warning: score set for non-existent rule FUZZY_VICODIN > config: warning: score set for non-existent rule FUZZY_ERECT > config: warning: score set for non-existent rule FUZZY_VLIUM > config: warning: score set for non-existent rule FUZZY_MILLION > config: warning: score set for non-existent rule FUZZY_AFFORDABLE > config: warning: score set for non-existent rule FUZZY_REMOVE > config: warning: score set for non-existent rule FUZZY_ROLEX > config: warning: score set for non-existent rule FUZZY_AMBIEN > config: warning: score set for non-existent rule FUZZY_MORTGAGE > config: warning: score set for non-existent rule FUZZY_PRICES > config: warning: score set for non-existent rule FUZZY_REFINANCE > config: warning: score set for non-existent rule FUZZY_VIOXX > config: warning: score set for non-existent rule SUBJECT_FUZZY_CHEAP > config: warning: score set for non-existent rule FUZZY_VPILL > config: warning: score set for non-existent rule FUZZY_PHENT > config: warning: score set for non-existent rule FUZZY_MILF > SpamAssassin reported an error. > > MailScanner.conf says "Virus Scanners = clamavmodule mcafee" > Found these virus scanners installed: clamavmodule, mcafee > ------------------------- > > MailScanner --debug shows: > > -------------------------- > > In Debugging mode, not forking... > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1008. > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1010. > LibClamAV Warning: > ******************************************************** > LibClamAV Warning: *** This version of the ClamAV engine is outdated. > *** > LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html > *** > LibClamAV Warning: > ******************************************************** > Ignore errors about failing to find EOCD signature > ---------------- > > And it freezes at the above line. On mx20.twu.ca MailScanner --lint and > debug gives me: > > ---------------- > [root@mx20 MailScanner]# MailScanner --lint > Cannot open config file --lint, No such file or directory at > /usr/lib/MailScanner/MailScanner/Config.pm line 597. > Compilation failed in require at /usr/sbin/MailScanner line 67. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 67. > ---------------- > > During the install (I used install.sh and RPM package) I didn't noticed > any errors that would cause me to think there was a problem with the > install. Now I am even more kerfuffled. > > I have upgrade from 4.37 with every new stable release and two of the > 4.50 betas without any problems previously other then the ALL_TRUSTED > issues I have a;ready reported. The odd thing is that email is being > received, scanned and forwarded on to our Exchange servers fine. > > Richard Edge > Senior Systems Administrator | Technology Services > Trinity Western University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > > > > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at yeticomputers.com Mon Feb 6 18:24:31 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Feb 6 18:24:51 2006 Subject: permissions problem on startup In-Reply-To: <84B37A2A-C8BA-4F1B-979C-A116E51156B6@jolet.net> References: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> <43E5F782.7020005@ecs.soton.ac.uk> <43E5FF39.10909@ecs.soton.ac.uk> <84B37A2A-C8BA-4F1B-979C-A116E51156B6@jolet.net> Message-ID: <43E7945F.1020806@yeticomputers.com> I ended up having to give the postfix user a shell, su to postfix and then run check_mailscanner. Sounds like what you finally did. I kept having little glitches with that machine, though. Nothing serious, just little things like having to jump through odd hoops to launch MailScanner... perldoc would never work, claiming it was missing modules that *were* installed... There were a few other strange problems, always involving perl apps. I'm guessing that the problem was one of mangled permissions somewhere deep in the perl tree, but I never found out. I finally decided that Gentoo simply requires too much babysitting for me to want to use it on a production server. Last week I put together a Centos 4.2 box, moved all of the mail over there, installed the latest MailScanner and everything was fine. I really like a lot of things about Gentoo, but it's little things like this that have made me pull it off all of my production servers. The primary mailserver was the last holdout. Just curious: Do *you* get an error if you try 'postdoc postdoc'? Rick John Jolet wrote: >>> yeah, I thought of that. If I give postfix a shell, su - postfix I >>> can view the file just fine. It appeared to me when I looked at >>> that module that it was mostly concerned with ldap servers. was I >>> incorrect? I don't have any, and that portion of the config file >>> is commented out. just grasping at straws at this point. >> >> >> I would not advise you try to work out how the configuration >> compiler works, it's pretty complex. :-) >> >> If you do su - postfix then cd / then cd down each dir to the file's >> location, does that all work at every step? > > yes, it does. That gave me an idea, however. su - postfix from > root, THEN run check_mailscanner, and it works. so I can start it as > postfix if i'm postfix. I guess I can handle that.....but it's still > odd. From mailscanner at yeticomputers.com Mon Feb 6 18:46:33 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Feb 6 18:46:55 2006 Subject: permissions problem on startup In-Reply-To: <43E7945F.1020806@yeticomputers.com> References: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> <43E5F782.7020005@ecs.soton.ac.uk> <43E5FF39.10909@ecs.soton.ac.uk> <84B37A2A-C8BA-4F1B-979C-A116E51156B6@jolet.net> <43E7945F.1020806@yeticomputers.com> Message-ID: <43E79989.5080900@yeticomputers.com> I, of course, meant 'perldoc perldoc'. (sigh) Rick Chadderdon wrote: > Just curious: Do *you* get an error if you try 'postdoc postdoc'? > From mkettler at evi-inc.com Mon Feb 6 19:00:59 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Feb 6 19:01:15 2006 Subject: More problems than just ALL_TRusted In-Reply-To: References: Message-ID: <43E79CEB.9050200@evi-inc.com> Richard Edge wrote: > config: warning: score set for non-existent rule FUZZY_GUARANTEE > config: warning: score set for non-existent rule FUZZY_BILLION Those warnings sound like the ReplaceTags plugin isn't loaded.. Check your /etc/mail/spamassassin/v310.pre for: loadplugin Mail::SpamAssassin::Plugin::ReplaceTags It's a bit of a bug in SA 3.1.0 that disabling this plugin isn't handled gracefully. Then again, I can't see why anyone would want to disable this plugin if they understood it. It's low overhead and very useful. From Edge at twu.ca Mon Feb 6 19:19:23 2006 From: Edge at twu.ca (Richard Edge) Date: Mon Feb 6 19:19:58 2006 Subject: More problems than just ALL_TRusted Message-ID: I have looked at the following: > Syntax error in line 1480, value "" for spamblacklist is not one of > allowed values "yes","no" at > /usr/lib/MailScanner/MailScanner/Config.pm > line 2360 My line 1480 is 'Is Definitely Spam = $SQLBlacklist' and is the same as my mx20 config. > Syntax error in line 1473, value "" for spamwhitelist is not one of > allowed values "yes","no" at > /usr/lib/MailScanner/MailScanner/Config.pm > line 2360 My line 1473 shows 'Is Definitely Not Spam = $SQLWhitelist' which is exactly what the same line on my config file on mx20.twu.ca and is supposed be set to this for MailWatch. > Possible syntax error on line 26 of > /etc/MailScanner/filename.rules.conf > at /usr/lib/MailScanner/MailScanner/Config.pm line 1274 Remember to > separate fields with tab characters! at > /usr/lib/MailScanner/MailScanner/Config.pm line 1276 Read 702 My line 26 in /etc/MailScanner/filename.rules.conf shows '/etc/MailScanner/filename.rules.conf' which was not added by me, but is a part of your base file setup. The only changes I made in this file was to comment out the winmail, .bmp,.ico, .ani, .cur, and .hlp deny lines a couple of versions ago. I don't know where the 'warning: score set for non-existent rule' lines are coming from since I do not recognize any of these rules. They are not scores I have set anywhere. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, February 06, 2006 10:17 AM To: MailScanner discussion Subject: Re: More problems than just ALL_TRusted How many of these errors have you addressed? Ignore the ones about the pid file, I have fixed that today. But the others are ones you should address. Richard Edge wrote: > Well it looks like I have a few other issues here that may or may not > be part of my mailscanner.cf file not being read. I upgraded > MailScanner this morning from 4.50.14-2 beta to 4.50.12 stable and now > after running MailScanner --lint and --debug I am seeing some errors. > I had run the debug option on previous installs of MailScanner (after > every upgrade) without problems, but with this new version I am seeing > errors I have never seen before. > > On mx10.twu.ca --lint shows: > > [root@mx10 root]# MailScanner --lint > Could not read file /var/run/MailScanner.pid at > /usr/lib/MailScanner/MailScanner/Config.pm line 2278 Error in line > 157, file "/var/run/MailScanner.pid" for pidfile does not exist (or > can not be read) at /usr/lib/MailScanner/MailScanner/Config.pm > line 2440 > Syntax error in line 1480, value "" for spamblacklist is not one of > allowed values "yes","no" at > /usr/lib/MailScanner/MailScanner/Config.pm > line 2360 > Syntax error in line 1473, value "" for spamwhitelist is not one of > allowed values "yes","no" at > /usr/lib/MailScanner/MailScanner/Config.pm > line 2360 > Possible syntax error on line 26 of > /etc/MailScanner/filename.rules.conf > at /usr/lib/MailScanner/MailScanner/Config.pm line 1274 Remember to > separate fields with tab characters! at > /usr/lib/MailScanner/MailScanner/Config.pm line 1276 Read 702 > hostnames from the phishing whitelist > Config: calling custom init function MailWatchLogging Cannot write pid > file , No such file or directory at /usr/sbin/MailScanner line 1238 > MailScanner setting GID to (89) MailScanner setting UID to (89) > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > config: warning: score set for non-existent rule FUZZY_GUARANTEE > config: warning: score set for non-existent rule FUZZY_BILLION > config: warning: score set for non-existent rule FUZZY_XPILL > config: warning: score set for non-existent rule FUZZY_PRESCRIPT > config: warning: score set for non-existent rule FUZZY_SOFTWARE > config: warning: score set for non-existent rule SUBJECT_FUZZY_TION > config: warning: score set for non-existent rule FUZZY_PHARMACY > config: warning: score set for non-existent rule FUZZY_TRAMADOL > config: warning: score set for non-existent rule FUZZY_OFFERS > config: warning: score set for non-existent rule SUBJECT_FUZZY_VPILL > config: warning: score set for non-existent rule FUZZY_MEDICATION > config: warning: score set for non-existent rule FUZZY_CREDIT > config: warning: score set for non-existent rule FUZZY_THOUSANDS > config: warning: score set for non-existent rule FUZZY_CPILL > config: warning: score set for non-existent rule FUZZY_OBLIGATION > config: warning: score set for non-existent rule SUBJECT_FUZZY_PENIS > config: warning: score set for non-existent rule FUZZY_MONEY > config: warning: score set for non-existent rule SUBJECT_FUZZY_MEDS > config: warning: score set for non-existent rule FUZZY_CELEBREX > config: warning: score set for non-existent rule FUZZY_FOLLOW > config: warning: score set for non-existent rule FUZZY_PLEASE > config: warning: score set for non-existent rule FUZZY_VICODIN > config: warning: score set for non-existent rule FUZZY_ERECT > config: warning: score set for non-existent rule FUZZY_VLIUM > config: warning: score set for non-existent rule FUZZY_MILLION > config: warning: score set for non-existent rule FUZZY_AFFORDABLE > config: warning: score set for non-existent rule FUZZY_REMOVE > config: warning: score set for non-existent rule FUZZY_ROLEX > config: warning: score set for non-existent rule FUZZY_AMBIEN > config: warning: score set for non-existent rule FUZZY_MORTGAGE > config: warning: score set for non-existent rule FUZZY_PRICES > config: warning: score set for non-existent rule FUZZY_REFINANCE > config: warning: score set for non-existent rule FUZZY_VIOXX > config: warning: score set for non-existent rule SUBJECT_FUZZY_CHEAP > config: warning: score set for non-existent rule FUZZY_VPILL > config: warning: score set for non-existent rule FUZZY_PHENT > config: warning: score set for non-existent rule FUZZY_MILF > SpamAssassin reported an error. > > MailScanner.conf says "Virus Scanners = clamavmodule mcafee" > Found these virus scanners installed: clamavmodule, mcafee > ------------------------- > > MailScanner --debug shows: > > -------------------------- > > In Debugging mode, not forking... > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1008. > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1010. > LibClamAV Warning: > ******************************************************** > LibClamAV Warning: *** This version of the ClamAV engine is outdated. > *** > LibClamAV Warning: *** DON'T PANIC! Read > http://www.clamav.net/faq.html > *** > LibClamAV Warning: > ******************************************************** > Ignore errors about failing to find EOCD signature > ---------------- > > And it freezes at the above line. On mx20.twu.ca MailScanner --lint > and debug gives me: > > ---------------- > [root@mx20 MailScanner]# MailScanner --lint Cannot open config file > --lint, No such file or directory at > /usr/lib/MailScanner/MailScanner/Config.pm line 597. > Compilation failed in require at /usr/sbin/MailScanner line 67. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 67. > ---------------- > > During the install (I used install.sh and RPM package) I didn't > noticed any errors that would cause me to think there was a problem > with the install. Now I am even more kerfuffled. > > I have upgrade from 4.37 with every new stable release and two of the > 4.50 betas without any problems previously other then the ALL_TRUSTED > issues I have a;ready reported. The odd thing is that email is being > received, scanned and forwarded on to our Exchange servers fine. > > Richard Edge > Senior Systems Administrator | Technology Services Trinity Western > University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > > > > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Edge at twu.ca Mon Feb 6 19:38:02 2006 From: Edge at twu.ca (Richard Edge) Date: Mon Feb 6 19:40:20 2006 Subject: More problems than just ALL_TRusted Message-ID: I don't have a v310.pre. I have a init.pre and an init.pre.pre-v310 on both gateways. Both files have identical contents except for some extra 'loadplugin Mail::SpamAssassin::Plugin::RelayCountry', 'loadplugin Mail::SpamAssassin::Plugin::SPF' and 'loadplugin Mail::SpamAssassin::Plugin::URIDNSBL' lines ininit.pre.pre-v310.pre. The 'loadplugin Mail::SpamAssassin::Plugin::ReplaceTags' is uncommented in init.pre. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: Monday, February 06, 2006 11:01 AM To: MailScanner discussion Subject: Re: More problems than just ALL_TRusted Richard Edge wrote: > config: warning: score set for non-existent rule FUZZY_GUARANTEE > config: warning: score set for non-existent rule FUZZY_BILLION Those warnings sound like the ReplaceTags plugin isn't loaded.. Check your /etc/mail/spamassassin/v310.pre for: loadplugin Mail::SpamAssassin::Plugin::ReplaceTags It's a bit of a bug in SA 3.1.0 that disabling this plugin isn't handled gracefully. Then again, I can't see why anyone would want to disable this plugin if they understood it. It's low overhead and very useful. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mkettler at evi-inc.com Mon Feb 6 20:14:50 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Feb 6 20:15:00 2006 Subject: More problems than just ALL_TRusted In-Reply-To: References: Message-ID: <43E7AE3A.6060006@evi-inc.com> Richard Edge wrote: > I don't have a v310.pre. I have a init.pre and an init.pre.pre-v310 on > both gateways. Ouch.. where did you get your copy of SA from???! From dhawal at netmagicsolutions.com Mon Feb 6 20:18:20 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Mon Feb 6 20:18:24 2006 Subject: More problems than just ALL_TRusted In-Reply-To: References: Message-ID: <20060206201820.8273.qmail@mymail.netmagicians.com> Richard Edge writes: > I don't have a v310.pre. I have a init.pre and an init.pre.pre-v310 on > both gateways. Both files have identical contents except for some extra > 'loadplugin Mail::SpamAssassin::Plugin::RelayCountry', 'loadplugin > Mail::SpamAssassin::Plugin::SPF' and 'loadplugin > Mail::SpamAssassin::Plugin::URIDNSBL' lines ininit.pre.pre-v310.pre. The > 'loadplugin Mail::SpamAssassin::Plugin::ReplaceTags' is uncommented in > init.pre. Could you also try 'spamassassin -x -D --lint', the '-x' ensures that user preferences file are not created. Also what is there in /root/.spamassassin? - dhawal > Richard Edge > Senior Systems Administrator | Technology Services > Trinity Western University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > Kettler > Sent: Monday, February 06, 2006 11:01 AM > To: MailScanner discussion > Subject: Re: More problems than just ALL_TRusted > > Richard Edge wrote: > >> config: warning: score set for non-existent rule FUZZY_GUARANTEE >> config: warning: score set for non-existent rule FUZZY_BILLION > > Those warnings sound like the ReplaceTags plugin isn't loaded.. > > Check your /etc/mail/spamassassin/v310.pre for: > loadplugin Mail::SpamAssassin::Plugin::ReplaceTags > > It's a bit of a bug in SA 3.1.0 that disabling this plugin isn't handled > gracefully. Then again, I can't see why anyone would want to disable > this plugin if they understood it. It's low overhead and very useful. From Edge at twu.ca Mon Feb 6 20:24:05 2006 From: Edge at twu.ca (Richard Edge) Date: Mon Feb 6 20:23:11 2006 Subject: More problems than just ALL_TRusted Message-ID: >From www.mailscanner.info, I have always installed it from install-Clam-SA.tar.gz since first running MailScanner. While there was an older version on the system from my original RHEL 3 install, I have used the install-Clam-SA.tar.gz since first running MailScanner a year and a half ago. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: Monday, February 06, 2006 12:15 PM To: MailScanner discussion Subject: Re: More problems than just ALL_TRusted Richard Edge wrote: > I don't have a v310.pre. I have a init.pre and an init.pre.pre-v310 on > both gateways. Ouch.. where did you get your copy of SA from???! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mkettler at evi-inc.com Mon Feb 6 20:30:35 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Feb 6 20:30:44 2006 Subject: install-Clam-SA.tar.gz missing files (Was More problems than just ALL_TRusted) In-Reply-To: References: Message-ID: <43E7B1EB.4020900@evi-inc.com> Richard Edge wrote: >>From www.mailscanner.info, I have always installed it from > install-Clam-SA.tar.gz since first running MailScanner. While there was > an older version on the system from my original RHEL 3 install, I have > used the install-Clam-SA.tar.gz since first running MailScanner a year > and a half ago. Erm, Julian.. Is that install file for some reason missing v310.pre? From Edge at twu.ca Mon Feb 6 20:31:37 2006 From: Edge at twu.ca (Richard Edge) Date: Mon Feb 6 20:31:47 2006 Subject: More problems than just ALL_TRusted Message-ID: The following files are in root/.spamassassin: [root@mx10 root]# ls -la .spamassassin/ total 44 drwx------ 2 root root 4096 Jan 20 04:09 . drwxr-x--- 24 root root 4096 Feb 6 11:40 .. -rw------- 1 root root 12288 Nov 18 10:53 auto-whitelist -rw-rw-rw- 1 root root 6 Nov 18 10:53 auto-whitelist.mutex -rw------- 1 root root 12288 Jan 5 09:55 bayes_seen -rw------- 1 root root 12288 Jan 5 09:55 bayes_toks -rw-r--r-- 1 root root 1487 Nov 16 01:53 user_prefs It is the same on both gateways. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dhawal Doshy Sent: Monday, February 06, 2006 12:18 PM To: MailScanner discussion Subject: Re: More problems than just ALL_TRusted Richard Edge writes: > I don't have a v310.pre. I have a init.pre and an init.pre.pre-v310 on > both gateways. Both files have identical contents except for some > extra 'loadplugin Mail::SpamAssassin::Plugin::RelayCountry', > 'loadplugin Mail::SpamAssassin::Plugin::SPF' and 'loadplugin > Mail::SpamAssassin::Plugin::URIDNSBL' lines ininit.pre.pre-v310.pre. > The 'loadplugin Mail::SpamAssassin::Plugin::ReplaceTags' is > uncommented in init.pre. Could you also try 'spamassassin -x -D --lint', the '-x' ensures that user preferences file are not created. Also what is there in /root/.spamassassin? - dhawal > Richard Edge > Senior Systems Administrator | Technology Services Trinity Western > University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > Kettler > Sent: Monday, February 06, 2006 11:01 AM > To: MailScanner discussion > Subject: Re: More problems than just ALL_TRusted > > Richard Edge wrote: > >> config: warning: score set for non-existent rule FUZZY_GUARANTEE >> config: warning: score set for non-existent rule FUZZY_BILLION > > Those warnings sound like the ReplaceTags plugin isn't loaded.. > > Check your /etc/mail/spamassassin/v310.pre for: > loadplugin Mail::SpamAssassin::Plugin::ReplaceTags > > It's a bit of a bug in SA 3.1.0 that disabling this plugin isn't > handled gracefully. Then again, I can't see why anyone would want to > disable this plugin if they understood it. It's low overhead and very useful. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From victor at pixelmagicfx.com Mon Feb 6 20:47:06 2006 From: victor at pixelmagicfx.com (Victor DiMichina) Date: Mon Feb 6 20:47:28 2006 Subject: dcc failure In-Reply-To: <43E69FA4.1020404@rbrana.co.id> References: <43E69FA4.1020404@rbrana.co.id> Message-ID: <43E7B5CA.1000401@pixelmagicfx.com> ius wrote: > > Dear mailscanner, > > I got this error messages when do the spamassassin -D --lint -p > /etc/MailScanner/spam.assassin.prefs.conf. My DCC installed properly > and placed where it should be > > [7934] warn: config: failed to parse line, skipping: dcc_path > /usr/local/bin/dccproc > [7934] warn: config: failed to parse line, skipping: dcc_home /var/dcc > > Does anyone know what it is ? > > Thanks alot > ius > > http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:plugins:dcc:dccifd_install If I were you, I'd try a re-install of the DCC plugin for Spamassassin. That wiki helped me quite a bit. Vic From campbell at cnpapers.com Mon Feb 6 21:05:41 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Feb 6 21:07:10 2006 Subject: dcc failure References: <43E69FA4.1020404@rbrana.co.id> <223f97700602060852r3238fd76t@mail.gmail.com> Message-ID: <002601c62b61$16a5e230$0705000a@DDF5DW71> I don't run DCC, but the dcc_path was in my spam.assassin.prefs.conf file from long ago. I, too was getting these messages with --lint. I commented it out, and the problem went away. The DCC plugin is diabled in my init.pre file. I'm just wondering if, like the use_auto_whitelist parameter once was, these two parms are no longer valid or have changed form. These were there from ages ago. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Glenn Steen" To: "MailScanner discussion" Sent: Monday, February 06, 2006 11:52 AM Subject: Re: dcc failure > On 06/02/06, ius wrote: >> Dear mailscanner, >> >> I got this error messages when do the spamassassin -D --lint -p >> /etc/MailScanner/spam.assassin.prefs.conf. My DCC installed properly and >> placed where it should be >> >> [7934] warn: config: failed to parse line, skipping: dcc_path >> /usr/local/bin/dccproc >> [7934] warn: config: failed to parse line, skipping: dcc_home /var/dcc >> >> Does anyone know what it is ? >> >> Thanks alot >> ius > What MailScanner and Spamassassin versions do you have? > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From john at jolet.net Mon Feb 6 21:14:40 2006 From: john at jolet.net (John Jolet) Date: Mon Feb 6 21:14:46 2006 Subject: permissions problem on startup In-Reply-To: <43E7945F.1020806@yeticomputers.com> References: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> <43E5F782.7020005@ecs.soton.ac.uk> <43E5FF39.10909@ecs.soton.ac.uk> <84B37A2A-C8BA-4F1B-979C-A116E51156B6@jolet.net> <43E7945F.1020806@yeticomputers.com> Message-ID: On Feb 6, 2006, at 12:24 PM, Rick Chadderdon wrote: > I ended up having to give the postfix user a shell, su to postfix and > then run check_mailscanner. Sounds like what you finally did. I kept > having little glitches with that machine, though. Nothing serious, > just > little things like having to jump through odd hoops to launch > MailScanner... perldoc would never work, claiming it was missing > modules that *were* installed... There were a few other strange > problems, always involving perl apps. I'm guessing that the > problem was > one of mangled permissions somewhere deep in the perl tree, but I > never > found out. I finally decided that Gentoo simply requires too much > babysitting for me to want to use it on a production server. Last > week > I put together a Centos 4.2 box, moved all of the mail over there, > installed the latest MailScanner and everything was fine. > > I really like a lot of things about Gentoo, but it's little things > like > this that have made me pull it off all of my production servers. The > primary mailserver was the last holdout. Just curious: Do *you* get > an error if you try 'postdoc postdoc'? > you mean "perldoc postdoc"? no errors, but I will say on this box, sudo doesn't work because of what it claims are permission problems...like root can't read /etc/sudoers...right. I've got 30+ production gentoo boxes running and this is the first time i've seen anything like this happen. I had started to set this box up hardened, but then changed my mind, so I could very well have installed pax or something like that and then not gone with the hardened toolchain. Just for the record, I'm fully confident that the problem is NOT a mailscanner issue. but this is a test box, and artifacts of this sort are acceptable at this time. The box I REALLY run mail through is an FC4 box. Just wanted to look at mailscanner as a replacement for amavis-new. Had some problems with it, and the debug information it gives you is useless.. > Rick > > John Jolet wrote: > >>>> yeah, I thought of that. If I give postfix a shell, su - >>>> postfix I >>>> can view the file just fine. It appeared to me when I looked at >>>> that module that it was mostly concerned with ldap servers. was I >>>> incorrect? I don't have any, and that portion of the config file >>>> is commented out. just grasping at straws at this point. >>> >>> >>> I would not advise you try to work out how the configuration >>> compiler works, it's pretty complex. :-) >>> >>> If you do su - postfix then cd / then cd down each dir to the >>> file's >>> location, does that all work at every step? >> >> yes, it does. That gave me an idea, however. su - postfix from >> root, THEN run check_mailscanner, and it works. so I can start it as >> postfix if i'm postfix. I guess I can handle that.....but it's still >> odd. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From john at jolet.net Mon Feb 6 21:21:01 2006 From: john at jolet.net (John Jolet) Date: Mon Feb 6 21:21:05 2006 Subject: permissions problem on startup In-Reply-To: <43E79989.5080900@yeticomputers.com> References: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> <43E5F782.7020005@ecs.soton.ac.uk> <43E5FF39.10909@ecs.soton.ac.uk> <84B37A2A-C8BA-4F1B-979C-A116E51156B6@jolet.net> <43E7945F.1020806@yeticomputers.com> <43E79989.5080900@yeticomputers.com> Message-ID: <146E9F0D-5D67-4918-B17E-DD147AA8F64D@jolet.net> On Feb 6, 2006, at 12:46 PM, Rick Chadderdon wrote: > I, of course, meant 'perldoc perldoc'. (sigh) > in that case....works perfectly. > Rick Chadderdon wrote: > >> Just curious: Do *you* get an error if you try 'postdoc postdoc'? >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From naolson at gmail.com Mon Feb 6 21:25:03 2006 From: naolson at gmail.com (Nathan Olson) Date: Mon Feb 6 21:25:06 2006 Subject: dcc failure In-Reply-To: <002601c62b61$16a5e230$0705000a@DDF5DW71> References: <43E69FA4.1020404@rbrana.co.id> <223f97700602060852r3238fd76t@mail.gmail.com> <002601c62b61$16a5e230$0705000a@DDF5DW71> Message-ID: <8f54b4330602061325i6e58b5e4i64665f9070aecabb@mail.gmail.com> Auto whitelist functionality was moved into a plugin. Any config file directives that mention plugin functionality aren't valid unless the plugin is loaded. Nate From MailScanner at ecs.soton.ac.uk Mon Feb 6 21:38:44 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 21:38:52 2006 Subject: install-Clam-SA.tar.gz missing files (Was More problems than just ALL_TRusted) In-Reply-To: <43E7B1EB.4020900@evi-inc.com> References: <43E7B1EB.4020900@evi-inc.com> Message-ID: <43E7C1E4.2080503@ecs.soton.ac.uk> Matt Kettler wrote: > Richard Edge wrote: > >> >From www.mailscanner.info, I have always installed it from >> install-Clam-SA.tar.gz since first running MailScanner. While there was >> an older version on the system from my original RHEL 3 install, I have >> used the install-Clam-SA.tar.gz since first running MailScanner a year >> and a half ago. >> > > Erm, Julian.. Is that install file for some reason missing v310.pre? > It was from a misunderstanding of what files should ideally exist. I created the init.pre as I thought the v310.pre was what was intended to be init.pre. I have now changed the install-Clam-SA.tar.gz to leave the v310.pre alone. Sorry about that, it wasn't clear to me at the time what the intention was. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Feb 6 21:41:40 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 21:41:49 2006 Subject: install-Clam-SA.tar.gz missing files (Was More problems than just ALL_TRusted) In-Reply-To: <43E7B1EB.4020900@evi-inc.com> References: <43E7B1EB.4020900@evi-inc.com> Message-ID: <43E7C294.9070308@ecs.soton.ac.uk> Matt Kettler wrote: > Richard Edge wrote: > >> >From www.mailscanner.info, I have always installed it from >> install-Clam-SA.tar.gz since first running MailScanner. While there was >> an older version on the system from my original RHEL 3 install, I have >> used the install-Clam-SA.tar.gz since first running MailScanner a year >> and a half ago. >> > > Erm, Julian.. Is that install file for some reason missing v310.pre? > By the way, as the local.cf (and mailscanner.cf) is in the @Mail::SpamAssassin::site_rules_path path, is the v310.pre in the same place? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at yeticomputers.com Mon Feb 6 21:47:48 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Feb 6 21:48:00 2006 Subject: permissions problem on startup In-Reply-To: References: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> <43E5F782.7020005@ecs.soton.ac.uk> <43E5FF39.10909@ecs.soton.ac.uk> <84B37A2A-C8BA-4F1B-979C-A116E51156B6@jolet.net> <43E7945F.1020806@yeticomputers.com> Message-ID: <43E7C404.1030408@yeticomputers.com> We have something in common other than the same, odd permission problem. I had also started to set that server up hardened and then changed my mind. I checked everything I could think of at the time, but since I had the server working I kind of forgot about it 'til I started noticing the other little issues, all of which could easily have spun out from that one thing. I have just about a dozen production servers, all of which were Gentoo at one time. A couple of years ago, I'd have said the same thing. :) My primary workstation is still Gentoo, but I have enough spare time to tinker with just one box. Not with a dozen. Oh, I was wrong about the mailserver being my last Gentoo server. I still have two. One is for backup storage and one is a Samba DC/fileserver. Those haven't given me any problems at all. Hm. John Jolet wrote: > you mean "perldoc postdoc"? no errors, but I will say on this box, > sudo doesn't work because of what it claims are permission > problems...like root can't read /etc/sudoers...right. > > I've got 30+ production gentoo boxes running and this is the first > time i've seen anything like this happen. I had started to set this > box up hardened, but then changed my mind, so I could very well have > installed pax or something like that and then not gone with the > hardened toolchain. Just for the record, I'm fully confident that > the problem is NOT a mailscanner issue. but this is a test box, and > artifacts of this sort are acceptable at this time. The box I REALLY > run mail through is an FC4 box. Just wanted to look at mailscanner > as a replacement for amavis-new. Had some problems with it, and the > debug information it gives you is useless.. > From mkettler at evi-inc.com Mon Feb 6 21:56:56 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Feb 6 21:57:06 2006 Subject: install-Clam-SA.tar.gz missing files (Was More problems than just ALL_TRusted) In-Reply-To: <43E7C1E4.2080503@ecs.soton.ac.uk> References: <43E7B1EB.4020900@evi-inc.com> <43E7C1E4.2080503@ecs.soton.ac.uk> Message-ID: <43E7C628.2000007@evi-inc.com> Julian Field wrote: > Matt Kettler wrote: >> Richard Edge wrote: >> >>> >From www.mailscanner.info, I have always installed it from >>> install-Clam-SA.tar.gz since first running MailScanner. While there was >>> an older version on the system from my original RHEL 3 install, I have >>> used the install-Clam-SA.tar.gz since first running MailScanner a year >>> and a half ago. >>> >> >> Erm, Julian.. Is that install file for some reason missing v310.pre? >> > It was from a misunderstanding of what files should ideally exist. I > created the init.pre as I thought the v310.pre was what was intended to > be init.pre. > I have now changed the install-Clam-SA.tar.gz to leave the v310.pre alone. It is intended to be installed alongside init.pre. This way if you upgrade SpamAssassin new 3.1.0 plugin settings can be added on without having to blow away a users existing init.pre, which they may have modified since installing 3.0.x. From mkettler at evi-inc.com Mon Feb 6 21:57:54 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Feb 6 21:58:15 2006 Subject: install-Clam-SA.tar.gz missing files (Was More problems than just ALL_TRusted) In-Reply-To: <43E7C294.9070308@ecs.soton.ac.uk> References: <43E7B1EB.4020900@evi-inc.com> <43E7C294.9070308@ecs.soton.ac.uk> Message-ID: <43E7C662.3040905@evi-inc.com> Julian Field wrote: > Matt Kettler wrote: >> Richard Edge wrote: >> >>> >From www.mailscanner.info, I have always installed it from >>> install-Clam-SA.tar.gz since first running MailScanner. While there was >>> an older version on the system from my original RHEL 3 install, I have >>> used the install-Clam-SA.tar.gz since first running MailScanner a year >>> and a half ago. >>> >> >> Erm, Julian.. Is that install file for some reason missing v310.pre? >> > By the way, as the local.cf (and mailscanner.cf) is in the > @Mail::SpamAssassin::site_rules_path > path, is the v310.pre in the same place? Yes, both init.pre and v310.pre belong in the site_rules_path. And you theoretically should never clobber an existing file. From glenn.steen at gmail.com Mon Feb 6 22:02:04 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 6 22:02:08 2006 Subject: More problems than just ALL_TRusted In-Reply-To: References: Message-ID: <223f97700602061402q4ebdb379n@mail.gmail.com> On 06/02/06, Richard Edge wrote: > I have looked at the following: > > > Syntax error in line 1480, value "" for spamblacklist is not one of > > allowed values "yes","no" at > > /usr/lib/MailScanner/MailScanner/Config.pm > > line 2360 > > My line 1480 is 'Is Definitely Spam = $SQLBlacklist' and is the same as > my mx20 config. IIRC, SQLBlacklist is a subroutine/function call and should be spelled with an "&", not a "$"... IOW: Is Definitely Spam = &SQLBlacklist > > Syntax error in line 1473, value "" for spamwhitelist is not one of > > allowed values "yes","no" at > > /usr/lib/MailScanner/MailScanner/Config.pm > > line 2360 > > My line 1473 shows 'Is Definitely Not Spam = $SQLWhitelist' which is > exactly what the same line on my config file on mx20.twu.ca and is > supposed be set to this for MailWatch. Same error as for the blacklist call above. > > Possible syntax error on line 26 of > > /etc/MailScanner/filename.rules.conf > > at /usr/lib/MailScanner/MailScanner/Config.pm line 1274 Remember to > > separate fields with tab characters! at > > /usr/lib/MailScanner/MailScanner/Config.pm line 1276 Read 702 > > My line 26 in /etc/MailScanner/filename.rules.conf shows > '/etc/MailScanner/filename.rules.conf' which was not added by me, but is > a part of your base file setup. The only changes I made in this file was > to comment out the winmail, .bmp,.ico, .ani, .cur, and .hlp deny lines a > couple of versions ago. Don't know about this one... Perhaps the wrong type of comment chars? > I don't know where the 'warning: score set for non-existent rule' lines > are coming from since I do not recognize any of these rules. They are > not scores I have set anywhere. Better heads than mine will likely help with this one... Could they be "leftover" rules from a previous SA? Or some "plugin" not being loaded correctly? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mailscanner at mango.zw Mon Feb 6 21:59:22 2006 From: mailscanner at mango.zw (Jim Holland) Date: Mon Feb 6 22:06:26 2006 Subject: OT: but Sendmail experst please help In-Reply-To: Message-ID: On Sat, 4 Feb 2006, WILL HALSALL wrote: > I had a test message from maps regarding open relays. Our sendmail will > accept for deliver messages of the format > but will not accept mail for > deliver with format . > > could one of the sendmail experts please explain how to stop this? below is > the telnet session > rcpt to: > 250 2.1.5 ... Recipient ok I have never seen the above address format. A common test is to send to say will.halsall%hotmail.com@fcot5.farn-ct.ac.uk, which should be denied by default with a current version of sendmail. However this is a different format which I haven't seen being used for relaying. I tried a similar test to yours on sendmail 8.13 with my own domain and a known yahoo.com address and found that the message was also accepted, which was rather disappointing (as it can then lead to bounces being sent to spoofed senders). The message ended up being undeliverable because sendmail looked for the domain yahoo.com%mango.zw and said "yahoo.com%mango.zw.: host not found". I am therefore puzzled as to how your message ended up being delivered to will.halsall@hotmail.com. I would be interested to know what result you get by running "sendmail -bt" and then entering at the prompt: 3,0 will.halsall@hotmail.com%fcot5.farn-ct.ac.uk If it resolves to will.halsall@hotmail.com then you definitely have a problem. I get the following final output: parse returns: $# esmtp $@ hotmail . com % fcot5 . farn-ct . ac . uk . $: will . halsall < @ hotmail . com % fcot5 . farn-ct . ac . uk . > which is clearly undeliverable. Your nameserver reports NXDOMAIN for the domain hotmail.com%fcot5.farn-ct.ac.uk, so I am puzzled as to how the message did get delivered. What does your maillog file say for the message? Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From ssilva at sgvwater.com Mon Feb 6 22:14:14 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 6 22:15:17 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: Richard Edge spake the following on 2/6/2006 9:30 AM: > Hi Scott, > > I tried your suggestion, but still no joy. Thanks anyways. > > Richard Edge > Senior Systems Administrator | Technology Services > Trinity Western University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology Have you verified that your /etc/mail/spamassassin/mailscanner.cf is a symlink to /etc/MailScanner/spam.assassin.prefs.conf? Otherwise, I'm at a loss. Maybe time to hose the MailScanner and Spamassassin installs, and start over? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Edge at twu.ca Mon Feb 6 22:32:05 2006 From: Edge at twu.ca (Richard Edge) Date: Mon Feb 6 22:31:39 2006 Subject: More problems than just ALL_TRusted Message-ID: Doh! How did I miss that one. I am not sure how that changed from & to $ since I had pasted that value in when first setting it up installing MailWatch. I have found a clue though. It appears to have changed during a previous upgade, I founf a MailScanner.conf.old from a MailScanner upgrade I did on Jan 27. From that file (MailScanner.old) it is correct: ----------------------- #Is Definitely Not Spam = &SQLWhiteList # Spam Blacklist: # Make this point to a ruleset, and anything in that ruleset whose value # is "yes" will *always* be marked as spam. # This value can be over-ridden by the "Is Definitely Not Spam" setting. # This can also be the filename of a ruleset. Is Definitely Spam = no #Is Definitely Spam = &SQLBlacklist ----------------------- I guess it occurred during an upgrade_MailScanner_conf and I missed it when checking the new conf file before mv'ing to the new one. Thanks for catching that. I guess this just emphasizes the need to verify changes before committing them. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Monday, February 06, 2006 2:02 PM To: MailScanner discussion Subject: Re: More problems than just ALL_TRusted On 06/02/06, Richard Edge wrote: > I have looked at the following: > > > Syntax error in line 1480, value "" for spamblacklist is not one of > > allowed values "yes","no" at > > /usr/lib/MailScanner/MailScanner/Config.pm > > line 2360 > > My line 1480 is 'Is Definitely Spam = $SQLBlacklist' and is the same > as my mx20 config. IIRC, SQLBlacklist is a subroutine/function call and should be spelled with an "&", not a "$"... IOW: Is Definitely Spam = &SQLBlacklist > > Syntax error in line 1473, value "" for spamwhitelist is not one of > > allowed values "yes","no" at > > /usr/lib/MailScanner/MailScanner/Config.pm > > line 2360 > > My line 1473 shows 'Is Definitely Not Spam = $SQLWhitelist' which is > exactly what the same line on my config file on mx20.twu.ca and is > supposed be set to this for MailWatch. Same error as for the blacklist call above. > > Possible syntax error on line 26 of > > /etc/MailScanner/filename.rules.conf > > at /usr/lib/MailScanner/MailScanner/Config.pm line 1274 Remember to > > separate fields with tab characters! at > > /usr/lib/MailScanner/MailScanner/Config.pm line 1276 Read 702 > > My line 26 in /etc/MailScanner/filename.rules.conf shows > '/etc/MailScanner/filename.rules.conf' which was not added by me, but > is a part of your base file setup. The only changes I made in this > file was to comment out the winmail, .bmp,.ico, .ani, .cur, and .hlp > deny lines a couple of versions ago. Don't know about this one... Perhaps the wrong type of comment chars? > I don't know where the 'warning: score set for non-existent rule' > lines are coming from since I do not recognize any of these rules. > They are not scores I have set anywhere. Better heads than mine will likely help with this one... Could they be "leftover" rules from a previous SA? Or some "plugin" not being loaded correctly? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Mon Feb 6 22:38:45 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 6 22:39:16 2006 Subject: MailScanner needs to be restarted 2 times In-Reply-To: <1138983705.26170.35.camel@lin-workstation.azapple.com> References: <012801c62837$66435980$ab5d5c5c@MOELLER.COM> <43E26F3B.5080907@robhq.com> <87F21993-87EA-4FE5-8683-08467879E1F6@themarshalls.co.uk> <1138983705.26170.35.camel@lin-workstation.azapple.com> Message-ID: Craig White spake the following on 2/3/2006 8:21 AM: > On Thu, 2006-02-02 at 16:44 -0800, Scott Silva wrote: >> Drew Marshall spake the following on 2/2/2006 2:24 PM: > >>> Nice sig. Definitely takes signature of the week winner!! >>> >> If I can just figure out how to get thunderbird to use different signatues on >> different news accounts from the same gmane account, I wouldn't have >> MailScanner plugs going to the CentOS list. >> >> Oh well... Free advertising for Julian ;-) > ---- > do you mean the airplane sig? > > I kind of like that one. > > It's been kind of quiet on CentOS list lately anyway. > > Craig > I ko'd the airplane sig because it got munged from the fixed / variable font switching in the replies. It looked pretty sad sometimes. The CentOS general list is as busy as this one.. and just as hot sometimes ;-& -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Feb 6 22:40:34 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 6 22:52:10 2006 Subject: How does one downgrade? In-Reply-To: <43E3E574.6070605@haigmail.com> References: <43E25ED9.5090103@haigmail.com> <43E282B4.5010201@ecs.soton.ac.uk> <43E3E574.6070605@haigmail.com> Message-ID: Lance Haig spake the following on 2/3/2006 3:21 PM: > Hi Julian, > > I will give you direct access to the box if that would make things easier? > > Lance > > Julian Field wrote: >>> I would be very interested to work through your problems with 4.50 when >>> you have time. >>> Hopefully, some posting on the results.. One of us can put it in the WIKI if it is useful. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From listacct at tulsaconnect.com Mon Feb 6 22:56:48 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Mon Feb 6 22:56:43 2006 Subject: 4.50.15 - Big problems on FreeBSD / exim In-Reply-To: <43E79185.90401@tulsaconnect.com> References: <43E77B62.20805@tulsaconnect.com> <43E77E8F.5000300@ecs.soton.ac.uk> <43E79185.90401@tulsaconnect.com> Message-ID: <43E7D430.2010006@tulsaconnect.com> TCIS List Acct wrote: > I see the problem now: > > PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU CPU COMMAND > 49938 root -2 0 180M 112M getblk 0 0:02 17.57% 9.28% perl > 49826 root -2 0 515M 262M getblk 0 0:04 9.73% 8.54% perl > 49870 root 28 0 515M 266M pfault 2 0:04 10.66% 8.40% perl > 49530 root -2 0 515M 423M getblk 2 0:06 7.99% 7.81% perl > 49993 root 28 0 360M 181M pfault 0 0:01 9.32% 3.08% perl > 50000 root 28 0 22572K 14708K pfault 0 0:00 19.48% 1.86% perl > > The perl processes are taking massive amounts of RAM on 4.50.15. I'll > try turning off the SA caching and see if that makes any difference. Ok, I've tracked down part of the problem (from the 4.48.4-2 release notes): - Rearranged SpamAssassin spam.assassin.prefs.conf file, it is now read by SpamAssassin via a link called "mailscanner.cf" in the site_rules directory. It is no longer read directly by MailScanner, it is just read by Spam-Assassin during its normal initialisation process. This really hosed those of us not using an RPM or install.sh script (and those of us dumb enough not to read the relnotes before doing this :)) -- it caused my SA prefs not to be read in, and thus caused SA to use its default settings (Bayes on, DNS BL's on, etc) which caused the majority of the performance problems. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From Edge at twu.ca Mon Feb 6 23:10:18 2006 From: Edge at twu.ca (Richard Edge) Date: Mon Feb 6 23:13:52 2006 Subject: ALL_TRUSTED problems Message-ID: Yes, the symlink is in place. I am beginning to think that removing MailScanner and reinstalling from scratch is looking a little more attractive at this point too. I take it that all I need to do to remove it is the delete the follwing directories and their contents: /etc/MailScanner /usr/lib/MailScanner /usr/sbin/MailScanner If I want to install SA 3.1 from scratch, what do I need to do other than Julian's earlier suggestion of removing SpamAssassin.pm Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: Monday, February 06, 2006 2:14 PM To: mailscanner@lists.mailscanner.info Subject: Re: ALL_TRUSTED problems Richard Edge spake the following on 2/6/2006 9:30 AM: > Hi Scott, > > I tried your suggestion, but still no joy. Thanks anyways. > > Richard Edge > Senior Systems Administrator | Technology Services Trinity Western > University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology Have you verified that your /etc/mail/spamassassin/mailscanner.cf is a symlink to /etc/MailScanner/spam.assassin.prefs.conf? Otherwise, I'm at a loss. Maybe time to hose the MailScanner and Spamassassin installs, and start over? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Mon Feb 6 23:56:46 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 7 00:02:13 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: Richard Edge spake the following on 2/6/2006 3:10 PM: > Yes, the symlink is in place. I am beginning to think that removing > MailScanner and reinstalling from scratch is looking a little more > attractive at this point too. > > I take it that all I need to do to remove it is the delete the follwing > directories and their contents: > > /etc/MailScanner > /usr/lib/MailScanner > /usr/sbin/MailScanner > > If I want to install SA 3.1 from scratch, what do I need to do other > than Julian's earlier suggestion of removing SpamAssassin.pm > > Richard Edge > Senior Systems Administrator | Technology Services > Trinity Western University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott > Silva > Sent: Monday, February 06, 2006 2:14 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: ALL_TRUSTED problems > > Richard Edge spake the following on 2/6/2006 9:30 AM: >> Hi Scott, >> >> I tried your suggestion, but still no joy. Thanks anyways. >> >> Richard Edge >> Senior Systems Administrator | Technology Services Trinity Western >> University | t: 604.513.2089 >> f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > Have you verified that your /etc/mail/spamassassin/mailscanner.cf is a > symlink to /etc/MailScanner/spam.assassin.prefs.conf? > > Otherwise, I'm at a loss. Maybe time to hose the MailScanner and > Spamassassin installs, and start over? > > > That should do it, but you might want to mv instead of rm, just in case. You can always kill it later. I always keep one stable version back, just in case. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Feb 7 00:22:22 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 7 00:22:42 2006 Subject: This list rules!!! Successful upgrade from 4.43 to 4.50 with no glitches! In-Reply-To: <6.2.3.4.0.20060205114353.089f86c8@mxt.1bigthink.com> References: <6.2.3.4.0.20060205114353.089f86c8@mxt.1bigthink.com> Message-ID: dnsadmin 1bigthink.com spake the following on 2/5/2006 8:55 AM: > Hello All, > > I just wanted to report a success story instead of the usual problems. I > upgraded overnight beginning at 00:10 +5GMT last night and was complete > and satisfied everything was going well enough to sleep well by 1:03 +5GMT. > > Thanks Julian! Docs were certainly clear enough! Thank you ALL for > preparing me for the pitfalls! > > Whitebox Linux 3.x (updated RPMs) = RHES 3.x (up to date RPMs) > MailScanner 4.43 upgrade to 4.50 > SpamAssassin-3.03+ClamAV0.88 upgrade to SpamAssassin 3.10+ClamAV0.88 > Mailwatch 0.51 (want to upgrade soon) > > Cheers! > Glenn > Watch out when upgrading MailWatch... You need to get the 1.0.0 tarball also. See the Mailwatch list. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gdoris at rogers.com Tue Feb 7 01:38:20 2006 From: gdoris at rogers.com (Gerry Doris) Date: Tue Feb 7 01:38:44 2006 Subject: MailScanner lint errors? In-Reply-To: References: <43E650E2.7050805@rogers.com> <43E65582.6040709@ecs.soton.ac.uk><43E65C25.7000809@rogers.com><00ac01c62b26$647293e0$0705000a@DDF5DW71> <41671272-FEDB-4164-A786-3FA2418554D1@ecs.soton.ac.uk> <019601c62b2a$421e2350$0705000a@DDF5DW71> Message-ID: <43E7FA0C.1080201@rogers.com> Julian Field wrote: > Please apply this patch to /usr/sbin/MailScanner and then try it again. > > > On 6 Feb 2006, at 14:33, Steve Campbell wrote: > I tried the patch and it fixed the pid error. I still get those other errors about concatenation errors in SweepVirus.pm but I agree they don't seem to mean anything. From markee at bandwidthco.com Tue Feb 7 02:29:57 2006 From: markee at bandwidthco.com (Mark E. Donaldson) Date: Tue Feb 7 02:30:23 2006 Subject: MailScanner lint errors? In-Reply-To: <00ac01c62b26$647293e0$0705000a@DDF5DW71> Message-ID: <002d01c62b8e$63475f10$0300a8c0@bandwidthco.com> I would like to confirm this identical problem on SUSE 10. I upgraded from 4.50.8 to 4.50.15 yesterday on my two mail relays and am experiencing the same behavior. Been using MailScanner on SUSE since the beginning of time and have never seen this before. ########################################## This is coming from the home and office of: Mark E. Donaldson Bandwidthco Computer Security markee@bandwidthco.com http://www.bandwidthco.com/ Copyright C 1999 Bandwidthco.com. All rights reserved. 4500 0028 a66b 4000 8006 d307 c0a8 000a c0a8 0002 0871 0bc3 572b 25f7 ca7d 1b60 5010 f64c c0f6 0000 0000 0000 0000 ########################################## CCNA, OCP, GSEC, GCFW, GCIH, GCIA, GCUX, GCFA, X-Ways (WinHex) Forensics Certified ########################################## Hacking is the process of influencing a computer system in such a way that it performs an action that is useful to you. ########################################## .~. /V\ /( )\ ^^-^^ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell Sent: Monday, February 06, 2006 6:06 AM To: MailScanner discussion Subject: Re: MailScanner lint errors? Julian, I'm seeing the same with respect to the PID file. My conf file points to /var/run/ and the file does exist. I'm also seeing the dual restart problem, where I am required to start MS twice if I stop it. I alway need to 'killall sendmail', but this doesn't cause the need to start MS twice. There are no sendmail processes running before I start MS. There are no log errors, it just doesn't start. I just thought I would mention this off-thread part in case it might have something to do with the PID problem. MS 4.50-15 MailWatch 1.0.3 SA 3.10 (or whatever was the latest as of last week) Tao Linux 1.0 Update 6 Thanks. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Gerry Doris" To: "MailScanner discussion" Sent: Sunday, February 05, 2006 3:12 PM Subject: Re: MailScanner lint errors? > Julian Field wrote: >> I strongly suspect that none are relevant, apart from the Cannot write >> pid file error. Check this is set to something in your MailScanner.conf >> file. > > I checked MailScanner.conf and the MailScanner PID is set to > /var/run/MailScanner.pid The file is really there and is being used. > > Like I said, there are no errors in any logs and mail is being sent and > received. It was working but I can't remember the last time I tried it. > > I'm using the latest MailWatch. Would that be confusing the MailScanner > lint operation? > > >> >> Gerry Doris wrote: >> >>> I've started seeing errors after running MailScanner --lint which I >>> haven't seen before. >>> >>> I was running 4.50.10 and decided to upgrade to 4.50.15 today. >>> Everything went well and MailScanner is working properly. I see no >>> errors in any of the logs. Mail is being accepted and delivered. >>> >>> MailScanner -v runs without errors but when I run MailScanner --lint I >>> get the following: >>> >>> [root@tiger MailScanner]# MailScanner --lint >>> Read 701 hostnames from the phishing whitelist >>> Config: calling custom init function SQLBlacklist >>> Config: calling custom init function MailWatchLogging >>> Config: calling custom init function SQLWhitelist >>> Cannot write pid file , No such file or directory at >>> /usr/sbin/MailScanner line 1238 >>> Checking for SpamAssassin errors (if you use it)... >>> Using SpamAssassin results cache >>> Connected to SpamAssassin cache database >>> SpamAssassin reported no errors. >>> >>> MailScanner.conf says "Virus Scanners = clamavmodule f-prot trend >>> bitdefender" >>> >>> Use of uninitialized value in split at >>> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2879. >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>> Can't exec "-IsItInstalled": No such file or directory at >>> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2882. >>> ...snip >>> the above is repeated 5 more times >>> ...snip >>> >>> Found these virus scanners installed: bitdefender, f-prot, clamavmodule, >>> trend >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at Bandwidthco Computer Security is for your absolute protection. ######################################################## ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at Bandwidthco Computer Security is for your absolute protection. ######################################################## From listacct at tulsaconnect.com Tue Feb 7 03:28:14 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Tue Feb 7 03:28:17 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: <43E7D430.2010006@tulsaconnect.com> References: <43E77B62.20805@tulsaconnect.com> <43E77E8F.5000300@ecs.soton.ac.uk> <43E79185.90401@tulsaconnect.com> <43E7D430.2010006@tulsaconnect.com> Message-ID: <43E813CE.7020904@tulsaconnect.com> TCIS List Acct wrote: > Ok, I've tracked down part of the problem (from the 4.48.4-2 release > notes): > > - Rearranged SpamAssassin spam.assassin.prefs.conf file, it is now read > by SpamAssassin via a link called "mailscanner.cf" in the site_rules > directory. It is no longer read directly by MailScanner, it is just > read by Spam-Assassin during its normal initialisation process. > > This really hosed those of us not using an RPM or install.sh script (and > those of us dumb enough not to read the relnotes before doing this :)) > -- it caused my SA prefs not to be read in, and thus caused SA to use > its default settings (Bayes on, DNS BL's on, etc) which caused the > majority of the performance problems. > Unfortunately the above was just a temporary fix -- the problem has cropped up again. Specifically, if I let 4.50.15 run for a few hours, it appears to leak memory and/or zombie perl processes to such an extent that the box runs out of RAM and swap space. This occurs with the new SpamAssassin cache turned off as well, so that isn't the issue. Here is a snippet of "top" when it is occurring: last pid: 97100; load averages: 16.75, 20.74, 26.46 up 63+05:29:19 21:18:11 297 processes: 53 running, 191 sleeping, 53 zombie CPU states: 22.6% user, 0.0% nice, 13.4% system, 0.3% interrupt, 63.7% idle Mem: 1529M Active, 183M Inact, 287M Wired, 7412K Cache, 199M Buf, 3004K Free Swap: 2048M Total, 960M Used, 1088M Free, 46% Inuse, 452K In, 4804K Out I have the number of child processes set at 10, but there are 100+ MailScanner processes according to a ps -aux | grep MailScanner $ ps -aux | grep MailScanner | wc -l 100 Note that downgrading to 4.47.4 on the same box (all I do is change the symlink to where /opt/MailScanner points to) immediately solves the issue and the box runs normally from that point on. The MailScanner.conf files for both versions are using near identical parameters (same number of a/v scanners, same DNSBL's being used, same spam.assassin.prefs.conf, etc) so I am certain it is something that changed code-wise between 4.47.4 and 4.50.15. Julian, I'll be happy to troubleshoot further if you give me some pointers on what to try next. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From ram at netcore.co.in Tue Feb 7 08:09:06 2006 From: ram at netcore.co.in (Ramprasad) Date: Tue Feb 7 08:08:06 2006 Subject: New speed benchmark In-Reply-To: <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> Message-ID: <1139299746.28848.1.camel@darkstar.netcore.co.in> On Fri, 2006-02-03 at 11:06 +0000, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 3 Feb 2006, at 10:36, Res wrote: > > > On Thu, 2 Feb 2006, DAve wrote: > > > >> Julian Field wrote: > >>> -----BEGIN PGP SIGNED MESSAGE----- > >>> I forgot to add the MTA is sendmail > >>> On 2 Feb 2006, at 14:59, Julian Field wrote: > >>>> > Old Signed: 02/02/06 at 14:59:40 > >>>> I have just done a speed test. > >>>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. > >>>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, > >>>> clamavmodule > >>>> MailScanner setup: default > >>>> Speed: 770,000 messages per day > >> > >> What happens at 780,000 messages a day? > >> > > > > and at what loads > > Maintained about 10 which is what I would expect. And do you have any statistics on what was the average mailq What was the average time a message would remain in queue waiting to be picked up by mailscanner Thanks Ram From w.halsall at farn-ct.ac.uk Tue Feb 7 10:54:04 2006 From: w.halsall at farn-ct.ac.uk (WILL HALSALL) Date: Tue Feb 7 10:54:31 2006 Subject: OT: but Sendmail experst please help In-Reply-To: References: Message-ID: Hi Jim, At first I thought the e-mail was being delivered but after further investigation I don't think this is so. As you say the name generates a dns error. After some testing and googleing I was at a loss to see why the message was accepted for delivery at all. doing the sendmail -bt test gives the output you described and I am at a loss on how to stop. Thanks WillH Jim Holland writes: > On Sat, 4 Feb 2006, WILL HALSALL wrote: > >> I had a test message from maps regarding open relays. Our sendmail will >> accept for deliver messages of the format >> but will not accept mail for >> deliver with format . >> >> could one of the sendmail experts please explain how to stop this? below is >> the telnet session > >> rcpt to: >> 250 2.1.5 ... Recipient ok > > I have never seen the above address format. A common test is to send to > say will.halsall%hotmail.com@fcot5.farn-ct.ac.uk, which should be denied > by default with a current version of sendmail. However this is a > different format which I haven't seen being used for relaying. > > I tried a similar test to yours on sendmail 8.13 with my own domain and a > known yahoo.com address and found that the message was also accepted, > which was rather disappointing (as it can then lead to bounces being sent > to spoofed senders). The message ended up being undeliverable because > sendmail looked for the domain yahoo.com%mango.zw and said > "yahoo.com%mango.zw.: host not found". I am therefore puzzled as to how > your message ended up being delivered to will.halsall@hotmail.com. > > I would be interested to know what result you get by running "sendmail -bt" > and then entering at the prompt: > > 3,0 will.halsall@hotmail.com%fcot5.farn-ct.ac.uk > > If it resolves to will.halsall@hotmail.com then you definitely have a > problem. I get the following final output: > > parse returns: $# esmtp $@ hotmail . com % fcot5 . farn-ct . ac . uk . > $: will . halsall < @ hotmail . com % fcot5 . farn-ct . ac . uk . > > > which is clearly undeliverable. Your nameserver reports NXDOMAIN for the > domain hotmail.com%fcot5.farn-ct.ac.uk, so I am puzzled as to how the > message did get delivered. What does your maillog file say for the message? > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ***************************************** Name: Will Halsall E-Mail: w.halsall@farn-ct.ac.uk ********************************************************************** This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify Farnborough College of Technology. E-mail: postmaster@farn-ct.ac.uk ********************************************************************** -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From roger at rudnick.com.br Tue Feb 7 11:12:39 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Tue Feb 7 11:12:53 2006 Subject: sendmail greet_pause feature References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se><023301c62719$f6c921c0$0600a8c0@roger> <025101c6271c$7fe54fe0$0600a8c0@roger> Message-ID: <01e301c62bd7$68c19d40$0600a8c0@roger> I just enabled the greet_pause im my sendmail. I'm seing a lot of warnings in my maillog about messages being rejected becouse there was a pre-greeting traffic. Is there some way I could see what messages were this rejected messages, just to be sure I'm not rejecting "good mail". Regards Roger Jochem ----- Original Message ----- From: "Roger Jochem" To: "MailScanner discussion" Sent: Wednesday, February 01, 2006 8:44 AM Subject: Re: sendmail greet_pause feature > Dag Wieers repository has only sendmail 8.12, or I'm missing it. > > http://dag.wieers.com/packages/sendmail/ > > ----- Original Message ----- > From: "Julian Field" > To: "MailScanner discussion" > Sent: Wednesday, February 01, 2006 8:34 AM > Subject: Re: sendmail greet_pause feature > > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> Don't forget to change MailScanner.conf to >> Lock Type = posix >> when you upgrade sendmail to 8.13. >> >> You should be able to find a good RPM of this, so you don't build it >> from source and put everything in odd locations. Try http:// >> dag.wieers.com/ and search his RPM repository. >> >> On 1 Feb 2006, at 10:26, Roger Jochem wrote: >> >>> I'm using the rpm version of sendmail in my centos-3 box (sendmail >>> 8.12) and I would like to upgrade to sendmail 8.13 to use this feature, >>> that seems really great. Is there some problem I should be aware, or >>> the tar.gz version found at sendmail.org would work fine on my machine? >>> Anyone using 8.13 at centos-3 or some similar OS? >>> >>> Regards >>> >>> Roger Jochem >>> >>> ----- Original Message ----- From: "Anders Andersson, IT" >>> >>> To: "MailScanner discussion" >>> Sent: Wednesday, February 01, 2006 8:01 AM >>> Subject: RE: sendmail greet_pause feature >>> >>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>> Of Jim Holland >>>>> Sent: Wednesday, February 01, 2006 9:12 AM >>>>> To: MailScanner mailing list >>>>> Subject: OT: sendmail greet_pause feature >>>>> >>>>> Perhaps other sendmail users know all about this, but I have >>>>> only looked at it for the first time. >>>>> >>>>> I run sendmail 8.13.1 and have decided to implement the >>>>> greet_pause feature for the first time (after seeing that it >>>>> is a default option in Debian installations). This requires >>>>> a specified delay after connection, which can be network >>>>> specific, before a client system is allowed to send any SMTP >>>>> commands. Any client that breaks normal SMTP protocols by >>>>> trying to force commands before receiving the go-ahead is >>>>> immediately disconnected. This seems to distinguish very >>>>> successfully between genuine mailers and spammers/viruses >>>>> that are not RFC-compliant. >>>>> >>>>> Using a 5 second delay I have found that the system has >>>>> blocked over 3200 connections in the first 24 hours I used >>>>> it. The client systems were all typical of spammers, with >>>>> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR >>>>> record at all. I found only four systems in the blocked >>>>> group that looked as if they were genuine. On further >>>>> investigation I found that earlier log records for some of >>>>> those sites indicated behaviour typical of virus infections >>>>> in any case. >>>> >>>> I second that, thoguh I raised mine to 25 sec just for the fun of it. >>>> I >>>> started low but raised it by 5 sec eeverytime and its been running >>>> smooth. So far no one complained and the ones we have a great >>>> mailexchange with been added to acces list >>>> >>>> /Anders >>>> >>>>> >>>>> To implement the feature: >>>>> >>>>> Add the following to the sendmail.mc file: >>>>> >>>>> FEATURE(`greet_pause', `5000')dnl 5 seconds >>>>> >>>>> Rebuild sendmail and restart MailScanner: >>>>> >>>>> m4 < sendmail.mc > sendmail.cf >>>>> service MailScanner restart >>>>> >>>>> Then specific entries for client hostname, domain, IP address >>>>> or subnet can be put in the access file: >>>>> >>>>> GreetPause:my.domain 0 >>>>> GreetPause:example.com 5000 >>>>> GreetPause:10.1.2 2000 >>>>> GreetPause:127.0.0.1 0 >>>>> >>>>> Definitely worth a look I would say, as it blocks large >>>>> numbers of spammers before they are allowed to send any data, >>>>> with very low risk of blocking genuine systems. It even >>>>> seems to allow genuine mail from infected systems to be >>>>> accepted while blocking viruses from those same systems >>>>> before the DATA phase - as many viruses seem to behave rather >>>>> impolitely :-) >>>>> >>>>> Regards >>>>> >>>>> Jim Holland >>>>> System Administrator >>>>> MANGO - Zimbabwe's non-profit e-mail service >>>> -- >>>> MailScanner mailing list >>>> MailScanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> MailScanner mailing list >>> MailScanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.4 (Build 4042) >> >> iQEVAwUBQ+COxvw32o+k+q+hAQEk7wf/Q9y6EeZmJCzFbTlpFvss0uhmMK/2udxG >> 1sSAG0ZkIF6MdWbsIumW/LX8nmq7H5JoJAApLF7k6FgfVhgBgINe1ZTpY9qEC3Pn >> ByuSoTuCudkLxp/OxCvhl6oTFkSRfN9ESnl58Q7Ydgjr8CUzaRh3DxPEmE+8s0tC >> pdAoiW3JOGgk0Y8T9k+LZov8SucJWPeQnm6YbZJSfe72Gx6Equ3D8Mm2VdK1/tkB >> Pc24EilDpqJyuYAwWK7CT3xJOWin4u5zf6TOQfcJwAgM5grPwU8AW+/aU3O+iN6q >> lff0F9v5Xx08ShTCd5ZUw5zvUWSts3orF7O0czO58/h6MpveiNtwuA== >> =QCbF >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> MailScanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From nerijus at users.sourceforge.net Tue Feb 7 11:23:49 2006 From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Tue Feb 7 11:30:17 2006 Subject: bayes_toks.expire1090 In-Reply-To: <43CE95F4.3030105@ecs.soton.ac.uk> References: <20060118191054.8E364BFAF@mx.dtiltas.lt> <43CE95F4.3030105@ecs.soton.ac.uk> Message-ID: <20060207112952.9C62ABF55@mx.dtiltas.lt> On Wed, 18 Jan 2006 19:24:36 +0000 Julian Field wrote: > Nerijus Baliunas wrote: > > I have lots of bayes_toks.expire1090, bayes_toks.expire15302, etc files > > in /var/spool/MailScanner/spamassassin. Where are they appearing from? > > RH AS 4, mailscanner-4.49.7, postfix, spamassassin-3.0.4. > > They are due to SpamAssassin timeouts occurring during Bayes database > rebuilds. Your best bet is to upgrade to 4.50, as I fixed an issue > connected to this, and configure MailScanner to do the Bayes rebuilds. How often do Bayes database rebuilds happen by default (if I have Rebuild Bayes Every = 0)? I have set it to 86400 and it seems it fixed it on this system. But on another system (mailscanner 4.50.15, sendmail) bayes_toks.expire26480 files still appear. Changed to Rebuild Bayes Every = 86400, didn't help. Then changed to Wait During Bayes Rebuild = yes, didn't help neither. Regards, Nerijus From nerijus at users.sourceforge.net Tue Feb 7 11:34:31 2006 From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Tue Feb 7 11:34:39 2006 Subject: sendmail greet_pause feature In-Reply-To: <1f8fae340602020153i1a1b061h@mail.gmail.com> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se><023301c62719$f6c921c0$0600a8c0@roger><20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> Message-ID: <20060207113423.E2CFABE2E@mx.dtiltas.lt> On Thu, 2 Feb 2006 09:53:08 +0000 Will McDonald wrote: > > On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 > > needs flock. > > Is locking autodetecting, if you see what I mean? In the > MailScanner.conf it says... > > # How to lock spool files. > # Don't set this unless you know you need to. > # For sendmail, it defaults to "flock". > # For sendmail 8.13 onwards, you will probably need to change it to posix. Hmm, I have in my MailScanner.conf from 4.50.15: # For sendmail, it defaults to "posix". # For sendmail 8.12 and older, you will probably need to change it to flock > Does MailScanner know I'm running 8.13 or should I force posix locking? What do your logs say? I have sendmail 8.12, Lock Type is empty, so it should use "posix" as written above, but I see in the logs: MailScanner E-Mail Virus Scanner version 4.50.15 starting... Read 701 hostnames from the phishing whitelist Using SpamAssassin results cache Connected to SpamAssassin cache database Enabling SpamAssassin auto-whitelist functionality... Using locktype = flock Why is it using "flock"? I understand that for my sendmail version it is a correct setting, but according to the comment above it should use "posix", shouldn't it? I suspect Julian changed comment, but then decided to not make this change and forgot to change comment back. Regards, Nerijus From MailScanner at ecs.soton.ac.uk Tue Feb 7 11:42:47 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 7 11:42:59 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: <43E813CE.7020904@tulsaconnect.com> References: <43E77B62.20805@tulsaconnect.com> <43E77E8F.5000300@ecs.soton.ac.uk> <43E79185.90401@tulsaconnect.com> <43E7D430.2010006@tulsaconnect.com> <43E813CE.7020904@tulsaconnect.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 7 Feb 2006, at 03:28, TCIS List Acct wrote: > TCIS List Acct wrote: > >> Ok, I've tracked down part of the problem (from the 4.48.4-2 >> release notes): >> - Rearranged SpamAssassin spam.assassin.prefs.conf file, it is now >> read by SpamAssassin via a link called "mailscanner.cf" in the >> site_rules directory. It is no longer read directly by >> MailScanner, it is just read by Spam-Assassin during its normal >> initialisation process. >> This really hosed those of us not using an RPM or install.sh >> script (and those of us dumb enough not to read the relnotes >> before doing this :)) -- it caused my SA prefs not to be read in, >> and thus caused SA to use its default settings (Bayes on, DNS BL's >> on, etc) which caused the majority of the performance problems. > > Unfortunately the above was just a temporary fix -- the problem has > cropped up again. Specifically, if I let 4.50.15 run for a few > hours, it appears to leak memory and/or zombie perl processes to > such an extent that the box runs out of RAM and swap space. This > occurs with the new SpamAssassin cache turned off as well, so that > isn't the issue. Here is a snippet of "top" when it is occurring: > > last pid: 97100; load averages: 16.75, 20.74, > 26.46 up 63+05:29:19 21:18:11 > 297 processes: 53 running, 191 sleeping, 53 zombie > CPU states: 22.6% user, 0.0% nice, 13.4% system, 0.3% interrupt, > 63.7% idle > Mem: 1529M Active, 183M Inact, 287M Wired, 7412K Cache, 199M Buf, > 3004K Free > Swap: 2048M Total, 960M Used, 1088M Free, 46% Inuse, 452K In, 4804K > Out > > I have the number of child processes set at 10, but there are 100+ > MailScanner processes according to a ps -aux | grep MailScanner > > $ ps -aux | grep MailScanner | wc -l > 100 > > Note that downgrading to 4.47.4 on the same box (all I do is change > the symlink to where /opt/MailScanner points to) immediately solves > the issue and the box runs normally from that point on. The > MailScanner.conf files for both versions are using near identical > parameters (same number of a/v scanners, same DNSBL's being used, > same spam.assassin.prefs.conf, etc) so I am certain it is something > that changed code-wise between 4.47.4 and 4.50.15. > > Julian, I'll be happy to troubleshoot further if you give me some > pointers on what to try next. Please edit Message.pm and locate line 1434 which should say if (MailScanner::Config::Value('mta') =~ /sendmail|exim|postfix/i) { I don't know what MTA you are running, so you will need to choose the appropriate bit of the line above so that instead of saying sendmail| exim|postfix it says exim|postfix for example. Note the | symbol is a pipe (vertical line separator) and not a lower case ell or upper case eye. Then perl -c Message.pm to check you got it right. Then restart MailScanner. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+iHu/w32o+k+q+hAQEVIgf/TlXbU7QZeuc59b/G95vxOWbNhKQ5YdX0 FqaBdU8hddnutaZcIXYbgLaObci0gBiYTvZF7YQOqzb5lsN0g40/NBUN8kZ/vnpR TRKWIdoyIY8iw7qH0z+47Ry0TQtYOS4b38laCtRroq478/M1OGcNqJeSJwOryP+0 VXNLJ7FXrZc8m1mK3ejtDsyz4x/NxsUNOrDSWs5jm5Qm2Twof4z/tIes66Ghsf9x C9TxREpNGkGMUs/Sxr58J+Yh6yeCm+RQA1qpzMqrsvgooTtI1K1vzC+WVVwdqSbe W/HCht4daLtZ6Kw4egFw1qWGlbyp2Pru82I/0TnNkJeBHMhfJTU+aw== =GZoD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From wmcdonald at gmail.com Tue Feb 7 11:43:30 2006 From: wmcdonald at gmail.com (Will McDonald) Date: Tue Feb 7 11:43:33 2006 Subject: sendmail greet_pause feature In-Reply-To: <01e301c62bd7$68c19d40$0600a8c0@roger> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <025101c6271c$7fe54fe0$0600a8c0@roger> <01e301c62bd7$68c19d40$0600a8c0@roger> Message-ID: <1f8fae340602070343j49716b27l@mail.gmail.com> On 07/02/06, Roger Jochem wrote: > I just enabled the greet_pause im my sendmail. I'm seing a lot of warnings > in my maillog about messages being rejected becouse there was a pre-greeting > traffic. Is there some way I could see what messages were this rejected > messages, just to be sure I'm not rejecting "good mail". Given what greet_pause is doing, and why, I doubt there's anyway you're going to get more than is already contained in the log message. Most of the rejections we've seen since enabling it last week have been * from IP addresses without reverse DNS * within dynamically assigned ranges (DSL, cable modems and the like) * from *.pl, *.ru, *.kr and other usually suspicious TLDs. Try something like... $ awk '/due to pre-greeting/ { print $10 }' /var/log/maillog | sort -u Have a scan through and the chances are it'll all be suspicious looking. And remember, even if the reverse lookup makes them look potentially legit, they're still trying to inject mail traffic before you've told them to, which should immediately raise concerns. Will. From MailScanner at ecs.soton.ac.uk Tue Feb 7 11:45:03 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 7 11:45:11 2006 Subject: bayes_toks.expire1090 In-Reply-To: <20060207112952.9C62ABF55@mx.dtiltas.lt> References: <20060118191054.8E364BFAF@mx.dtiltas.lt> <43CE95F4.3030105@ecs.soton.ac.uk> <20060207112952.9C62ABF55@mx.dtiltas.lt> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 7 Feb 2006, at 11:23, Nerijus Baliunas wrote: > On Wed, 18 Jan 2006 19:24:36 +0000 Julian Field > wrote: > >> Nerijus Baliunas wrote: >>> I have lots of bayes_toks.expire1090, bayes_toks.expire15302, etc >>> files >>> in /var/spool/MailScanner/spamassassin. Where are they appearing >>> from? >>> RH AS 4, mailscanner-4.49.7, postfix, spamassassin-3.0.4. >> >> They are due to SpamAssassin timeouts occurring during Bayes database >> rebuilds. Your best bet is to upgrade to 4.50, as I fixed an issue >> connected to this, and configure MailScanner to do the Bayes >> rebuilds. > > How often do Bayes database rebuilds happen by default (if I have > Rebuild Bayes Every = 0)? **PLEASE** read the documentation. The line immediaetly above this setting answers this question. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEUAwUBQ+iIQvw32o+k+q+hAQEysAf47G4hxM9+u+OW1Z7qgECXYj8sozHCxvqW 1Kb5KpelKx6+GfkMOl363x89SOCOKgzQxLn9/B4mn+vY+FnvOXjUp7SHERV/YhOl 2UkhqEPIGBCgP/jHZTvBUEpAnulNTtQpAFRayt++WwnQolvU30Jv3sbe7R8/g8tL TI+3N6am6s6bnkAfOA2Xm21pc7HbhVCZUkKrIY7+5fegTzylDmB973RqIRsEuaOl P7X3GiN6UxxZYrvldI5S365O4eFfcE9W+Bn1V+uWYGPY6aaIk0WblZPWZS0SuEac pYEhjDHoYQ2sL3MvbV1sNxIAeesNR9AOZ8hZs406hMcvJq7QnsZ8 =MVLr -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Tue Feb 7 11:46:36 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Feb 7 11:46:49 2006 Subject: sendmail greet_pause feature Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B0D3B80@isabella.herefordshire.gov.uk> You can't - the reject happens in the early stages of the smtp transaction, because the machine connecting isn't following the smtp RFC. That's the whole point of it. So all you're going to see is the IP of the dodgy sender. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Roger Jochem > Sent: 07 February 2006 11:13 > To: MailScanner discussion > Subject: Re: sendmail greet_pause feature > > I just enabled the greet_pause im my sendmail. I'm seing a > lot of warnings in my maillog about messages being rejected > becouse there was a pre-greeting traffic. Is there some way I > could see what messages were this rejected messages, just to > be sure I'm not rejecting "good mail". > > Regards > > Roger Jochem > > ----- Original Message ----- > From: "Roger Jochem" > To: "MailScanner discussion" > Sent: Wednesday, February 01, 2006 8:44 AM > Subject: Re: sendmail greet_pause feature > > > > Dag Wieers repository has only sendmail 8.12, or I'm missing it. > > > > http://dag.wieers.com/packages/sendmail/ > > > > ----- Original Message ----- > > From: "Julian Field" > > To: "MailScanner discussion" > > Sent: Wednesday, February 01, 2006 8:34 AM > > Subject: Re: sendmail greet_pause feature > > > > > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> Don't forget to change MailScanner.conf to > >> Lock Type = posix > >> when you upgrade sendmail to 8.13. > >> > >> You should be able to find a good RPM of this, so you > don't build it > >> from source and put everything in odd locations. Try http:// > >> dag.wieers.com/ and search his RPM repository. > >> > >> On 1 Feb 2006, at 10:26, Roger Jochem wrote: > >> > >>> I'm using the rpm version of sendmail in my centos-3 box > (sendmail > >>> 8.12) and I would like to upgrade to sendmail 8.13 to use > this feature, > >>> that seems really great. Is there some problem I should > be aware, or > >>> the tar.gz version found at sendmail.org would work fine > on my machine? > >>> Anyone using 8.13 at centos-3 or some similar OS? > >>> > >>> Regards > >>> > >>> Roger Jochem > >>> > >>> ----- Original Message ----- From: "Anders Andersson, IT" > >>> > >>> To: "MailScanner discussion" > >>> Sent: Wednesday, February 01, 2006 8:01 AM > >>> Subject: RE: sendmail greet_pause feature > >>> > >>> > >>>>> -----Original Message----- > >>>>> From: mailscanner-bounces@lists.mailscanner.info > >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >>>>> Of Jim Holland > >>>>> Sent: Wednesday, February 01, 2006 9:12 AM > >>>>> To: MailScanner mailing list > >>>>> Subject: OT: sendmail greet_pause feature > >>>>> > >>>>> Perhaps other sendmail users know all about this, but I have > >>>>> only looked at it for the first time. > >>>>> > >>>>> I run sendmail 8.13.1 and have decided to implement the > >>>>> greet_pause feature for the first time (after seeing that it > >>>>> is a default option in Debian installations). This requires > >>>>> a specified delay after connection, which can be network > >>>>> specific, before a client system is allowed to send any SMTP > >>>>> commands. Any client that breaks normal SMTP protocols by > >>>>> trying to force commands before receiving the go-ahead is > >>>>> immediately disconnected. This seems to distinguish very > >>>>> successfully between genuine mailers and spammers/viruses > >>>>> that are not RFC-compliant. > >>>>> > >>>>> Using a 5 second delay I have found that the system has > >>>>> blocked over 3200 connections in the first 24 hours I used > >>>>> it. The client systems were all typical of spammers, with > >>>>> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR > >>>>> record at all. I found only four systems in the blocked > >>>>> group that looked as if they were genuine. On further > >>>>> investigation I found that earlier log records for some of > >>>>> those sites indicated behaviour typical of virus infections > >>>>> in any case. > >>>> > >>>> I second that, thoguh I raised mine to 25 sec just for > the fun of it. > >>>> I > >>>> started low but raised it by 5 sec eeverytime and its > been running > >>>> smooth. So far no one complained and the ones we have a great > >>>> mailexchange with been added to acces list > >>>> > >>>> /Anders > >>>> > >>>>> > >>>>> To implement the feature: > >>>>> > >>>>> Add the following to the sendmail.mc file: > >>>>> > >>>>> FEATURE(`greet_pause', `5000')dnl 5 seconds > >>>>> > >>>>> Rebuild sendmail and restart MailScanner: > >>>>> > >>>>> m4 < sendmail.mc > sendmail.cf > >>>>> service MailScanner restart > >>>>> > >>>>> Then specific entries for client hostname, domain, IP address > >>>>> or subnet can be put in the access file: > >>>>> > >>>>> GreetPause:my.domain 0 > >>>>> GreetPause:example.com 5000 > >>>>> GreetPause:10.1.2 2000 > >>>>> GreetPause:127.0.0.1 0 > >>>>> > >>>>> Definitely worth a look I would say, as it blocks large > >>>>> numbers of spammers before they are allowed to send any data, > >>>>> with very low risk of blocking genuine systems. It even > >>>>> seems to allow genuine mail from infected systems to be > >>>>> accepted while blocking viruses from those same systems > >>>>> before the DATA phase - as many viruses seem to behave rather > >>>>> impolitely :-) > >>>>> > >>>>> Regards > >>>>> > >>>>> Jim Holland > >>>>> System Administrator > >>>>> MANGO - Zimbabwe's non-profit e-mail service > >>>> -- > >>>> MailScanner mailing list > >>>> MailScanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>> > >>> -- > >>> MailScanner mailing list > >>> MailScanner@lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> Before posting, read http://wiki.mailscanner.info/posting > >>> > >>> Support MailScanner development - buy the book off the website! > >> > >> - -- > >> Julian Field > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >> -----BEGIN PGP SIGNATURE----- > >> Version: PGP Desktop 9.0.4 (Build 4042) > >> > >> iQEVAwUBQ+COxvw32o+k+q+hAQEk7wf/Q9y6EeZmJCzFbTlpFvss0uhmMK/2udxG > >> 1sSAG0ZkIF6MdWbsIumW/LX8nmq7H5JoJAApLF7k6FgfVhgBgINe1ZTpY9qEC3Pn > >> ByuSoTuCudkLxp/OxCvhl6oTFkSRfN9ESnl58Q7Ydgjr8CUzaRh3DxPEmE+8s0tC > >> pdAoiW3JOGgk0Y8T9k+LZov8SucJWPeQnm6YbZJSfe72Gx6Equ3D8Mm2VdK1/tkB > >> Pc24EilDpqJyuYAwWK7CT3xJOWin4u5zf6TOQfcJwAgM5grPwU8AW+/aU3O+iN6q > >> lff0F9v5Xx08ShTCd5ZUw5zvUWSts3orF7O0czO58/h6MpveiNtwuA== > >> =QCbF > >> -----END PGP SIGNATURE----- > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> MailScanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > -- > > MailScanner mailing list > > MailScanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From nerijus at users.sourceforge.net Tue Feb 7 11:55:16 2006 From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Tue Feb 7 11:55:31 2006 Subject: bayes_toks.expire1090 In-Reply-To: References: <20060118191054.8E364BFAF@mx.dtiltas.lt><43CE95F4.3030105@ecs.soton.ac.uk><20060207112952.9C62ABF55@mx.dtiltas.lt> Message-ID: <20060207115515.04305BE2A@mx.dtiltas.lt> On Tue, 7 Feb 2006 11:45:03 +0000 Julian Field wrote: > > How often do Bayes database rebuilds happen by default (if I have > > Rebuild Bayes Every = 0)? > > **PLEASE** read the documentation. The line immediaetly above this > setting answers this question. Hmm, I read it: # If you are using the Bayesian statistics engine on a busy server, # you may well need to force a Bayesian database rebuild and expiry # at regular intervals. This is measures in seconds. # 1 day = 86400 seconds. # To disable this feature set this to 0. Rebuild Bayes Every = 0 So I understand that by default (Rebuild Bayes Every = 0) MailScanner does not rebuild it. What I wanted to ask, how often spamassassin itself rebuilds it? Never? Because if never, where are these bayes_toks.expire26719 files apeearing from? Regards, Nerijus From prandal at herefordshire.gov.uk Tue Feb 7 12:36:03 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Feb 7 12:38:01 2006 Subject: sendmail greet_pause feature Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B0D3BA2@isabella.herefordshire.gov.uk> Looking at the last couple of days' sendmail logs I'm finding a few who really should know better falling foul of a greet_pause 10 second delay: ncsmtp02.partner.nspcc.org.uk gateway.brent.gov.uk and these ISPs. Tut tut! various mx servers at mail.freeuk.net (mx0.mail.freeuk.net, mx1) various mx servers at mail.uk.clara.net (mx0.mail.uk.clara.net through mx5) store0.mail.uk.easynet.net Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Will McDonald > Sent: 07 February 2006 11:44 > To: MailScanner discussion > Subject: Re: sendmail greet_pause feature > > On 07/02/06, Roger Jochem wrote: > > I just enabled the greet_pause im my sendmail. I'm seing a lot of > > warnings in my maillog about messages being rejected > becouse there was > > a pre-greeting traffic. Is there some way I could see what messages > > were this rejected messages, just to be sure I'm not > rejecting "good mail". > > Given what greet_pause is doing, and why, I doubt there's > anyway you're going to get more than is already contained in > the log message. > > Most of the rejections we've seen since enabling it last week > have been > > * from IP addresses without reverse DNS > * within dynamically assigned ranges (DSL, cable modems and the like) > * from *.pl, *.ru, *.kr and other usually suspicious TLDs. > > Try something like... > > $ awk '/due to pre-greeting/ { print $10 }' /var/log/maillog | sort -u > > Have a scan through and the chances are it'll all be > suspicious looking. And remember, even if the reverse lookup > makes them look potentially legit, they're still trying to > inject mail traffic before you've told them to, which should > immediately raise concerns. > > Will. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From glenn.steen at gmail.com Tue Feb 7 13:03:06 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 7 13:03:09 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: <223f97700602070503id21fee1y@mail.gmail.com> On 07/02/06, Scott Silva wrote: > Richard Edge spake the following on 2/6/2006 3:10 PM: > > Yes, the symlink is in place. I am beginning to think that removing > > MailScanner and reinstalling from scratch is looking a little more > > attractive at this point too. > > > > I take it that all I need to do to remove it is the delete the follwing > > directories and their contents: > > > > /etc/MailScanner > > /usr/lib/MailScanner > > /usr/sbin/MailScanner > > > > If I want to install SA 3.1 from scratch, what do I need to do other > > than Julian's earlier suggestion of removing SpamAssassin.pm > > > > Richard Edge > > Senior Systems Administrator | Technology Services > > Trinity Western University | t: 604.513.2089 > > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > > > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott > > Silva > > Sent: Monday, February 06, 2006 2:14 PM > > To: mailscanner@lists.mailscanner.info > > Subject: Re: ALL_TRUSTED problems > > > > Richard Edge spake the following on 2/6/2006 9:30 AM: > >> Hi Scott, > >> > >> I tried your suggestion, but still no joy. Thanks anyways. > >> > >> Richard Edge > >> Senior Systems Administrator | Technology Services Trinity Western > >> University | t: 604.513.2089 > >> f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > Have you verified that your /etc/mail/spamassassin/mailscanner.cf is a > > symlink to /etc/MailScanner/spam.assassin.prefs.conf? > > > > Otherwise, I'm at a loss. Maybe time to hose the MailScanner and > > Spamassassin installs, and start over? > > > > > > > That should do it, but you might want to mv instead of rm, just in case. > > You can always kill it later. I always keep one stable version back, just in case. > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > If you're on an RPM install/system, you'd better use cp (ro back them up) and rpm -e (on the relevant package ... mailscanner, I'd imagine), to keep the rpm database in sync with reality. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ugob at camo-route.com Tue Feb 7 13:04:44 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Tue Feb 7 13:05:26 2006 Subject: 4.50.14 possible bug Message-ID: Hi, Even tough I have: Log Speed = no I get these in my logs: Feb 7 07:27:37 mta1 MailScanner[19403]: Batch processed in 36.65 seconds Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message k17COSFG019175 to SQL Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message k17CN0FG019106 to SQL Feb 7 07:27:37 mta1 MailScanner[19403]: "Always Looked Up Last" took 0.05 secon ds I double-checked the setting and restarted twice... Is that normal? Regards, -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. From glenn.steen at gmail.com Tue Feb 7 13:18:20 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 7 13:18:23 2006 Subject: 4.50.14 possible bug In-Reply-To: References: Message-ID: <223f97700602070518h7d369b2fm@mail.gmail.com> On 07/02/06, Ugo Bellavance wrote: > Hi, > > Even tough I have: > > Log Speed = no > > I get these in my logs: > > Feb 7 07:27:37 mta1 MailScanner[19403]: Batch processed in 36.65 seconds > Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message k17COSFG019175 > to SQL > Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message k17CN0FG019106 > to SQL > Feb 7 07:27:37 mta1 MailScanner[19403]: "Always Looked Up Last" took > 0.05 secon > ds > > I double-checked the setting and restarted twice... Is that normal? > > Regards, > > -- > Ugo > > -> Please don't send a copy of your reply by e-mail. I read the list. > -> Please avoid top-posting, long signatures and HTML, and cut the > irrelevant parts in your replies. > Hi Ugo, There is/was an ongoing thread about this, that basically covers the why and how etc of this one. Executive summary is: Jeff wanted it, Jules liked the idea, and now we all get it. Some others rather didin't like it... So ... You are not alone ... (Me, I'm still on the fence:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Tue Feb 7 13:21:30 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Feb 7 13:21:41 2006 Subject: sendmail greet_pause feature In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580B0D3BA2@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580B0D3BA2@isabella.herefordshire.gov.uk> Message-ID: <43E89EDA.5020902@nkpanama.com> Whitelist them using the access db (put their netblocks or domains on a, say, 3 second delay instead). Randal, Phil wrote: > Looking at the last couple of days' sendmail logs I'm finding a few who > really should know better falling foul of a greet_pause 10 second delay: > > ncsmtp02.partner.nspcc.org.uk > gateway.brent.gov.uk > > and these ISPs. Tut tut! > > various mx servers at mail.freeuk.net (mx0.mail.freeuk.net, mx1) > various mx servers at mail.uk.clara.net (mx0.mail.uk.clara.net through > mx5) > store0.mail.uk.easynet.net > > Cheers, > > Phil > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Will McDonald >> Sent: 07 February 2006 11:44 >> To: MailScanner discussion >> Subject: Re: sendmail greet_pause feature >> >> On 07/02/06, Roger Jochem wrote: >> >>> I just enabled the greet_pause im my sendmail. I'm seing a lot of >>> warnings in my maillog about messages being rejected >>> >> becouse there was >> >>> a pre-greeting traffic. Is there some way I could see what messages >>> were this rejected messages, just to be sure I'm not >>> >> rejecting "good mail". >> >> Given what greet_pause is doing, and why, I doubt there's >> anyway you're going to get more than is already contained in >> the log message. >> >> Most of the rejections we've seen since enabling it last week >> have been >> >> * from IP addresses without reverse DNS >> * within dynamically assigned ranges (DSL, cable modems and the like) >> * from *.pl, *.ru, *.kr and other usually suspicious TLDs. >> >> Try something like... >> >> $ awk '/due to pre-greeting/ { print $10 }' /var/log/maillog | sort -u >> >> Have a scan through and the chances are it'll all be >> suspicious looking. And remember, even if the reverse lookup >> makes them look potentially legit, they're still trying to >> inject mail traffic before you've told them to, which should >> immediately raise concerns. >> >> Will. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From listacct at tulsaconnect.com Tue Feb 7 13:41:15 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Tue Feb 7 13:41:18 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: References: <43E77B62.20805@tulsaconnect.com> <43E77E8F.5000300@ecs.soton.ac.uk> <43E79185.90401@tulsaconnect.com> <43E7D430.2010006@tulsaconnect.com> <43E813CE.7020904@tulsaconnect.com> Message-ID: <43E8A37B.6020608@tulsaconnect.com> Julian Field wrote: > Please edit Message.pm and locate line 1434 which should say > > if (MailScanner::Config::Value('mta') =~ /sendmail|exim|postfix/i) { > > I don't know what MTA you are running, so you will need to choose the > appropriate bit of the line above so that instead of saying sendmail| > exim|postfix it says exim|postfix for example. Note the | symbol is a > pipe (vertical line separator) and not a lower case ell or upper case > eye. > > Then > perl -c Message.pm > to check you got it right. > > Then restart MailScanner. I'm running exim 4.34-0 on FreeBSD 4.9. With that in mind, should I edit the line to say: if (MailScanner::Config::Value('mta') =~ /exim|postfix/i) { TIA. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From MailScanner at ecs.soton.ac.uk Tue Feb 7 13:47:47 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 7 13:47:57 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: <43E8A37B.6020608@tulsaconnect.com> References: <43E77B62.20805@tulsaconnect.com> <43E77E8F.5000300@ecs.soton.ac.uk> <43E79185.90401@tulsaconnect.com> <43E7D430.2010006@tulsaconnect.com> <43E813CE.7020904@tulsaconnect.com> <43E8A37B.6020608@tulsaconnect.com> Message-ID: <7473B3C6-CEF8-47A4-B391-250DC8C5CC45@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 7 Feb 2006, at 13:41, TCIS List Acct wrote: > > > Julian Field wrote: > >> Please edit Message.pm and locate line 1434 which should say >> if (MailScanner::Config::Value('mta') =~ /sendmail|exim|postfix/i) { >> I don't know what MTA you are running, so you will need to choose >> the appropriate bit of the line above so that instead of saying >> sendmail| exim|postfix it says exim|postfix for example. Note the >> | symbol is a pipe (vertical line separator) and not a lower case >> ell or upper case eye. >> Then >> perl -c Message.pm >> to check you got it right. >> Then restart MailScanner. > > I'm running exim 4.34-0 on FreeBSD 4.9. With that in mind, should > I edit the line to say: > > if (MailScanner::Config::Value('mta') =~ /exim|postfix/i) { No, you should do the exact opposite, so you want /sendmail|postfix/i) { - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+ilBvw32o+k+q+hAQHxCwf/WoI+RjxsItVe3NG4bcU1714d56eMz+Mt dpyc+g4YBoTNxEUODnnFYJ6UhvMObnwg5IZ4LNR9FqoAmDTn8QGCfKju6cIZq0Bu cXZk7d3biDohncw6qlH6ZKUR9SPBJvtt+sCOtY9loPbx5UecCtUAQGVhxnkbGLP9 F4fYSCRo5FCXsiichJ//z9v8f+UZtzh7uvPFnVl1squKRGhKo2zDgL8XY7P+WZrr l3ZLCnMB9h5IG9p49ZMNtOtFZavjH8YDL+UW1K/LFEkwVIXXpA2rzn9kCv1EMxEK QGTYowL+4PYwGeSAN0oMkdHCV2TklwtAa+kcYLES17TolOdVg1oa/g== =ewx3 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Tue Feb 7 14:11:15 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Feb 7 14:13:53 2006 Subject: sendmail greet_pause feature Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B0D3BCD@isabella.herefordshire.gov.uk> I've done that, it was more a cautionary note to others. greet_pause is currently catching about 10% of our incoming emails. Around 40% of our incoming mail was spam, so it helps. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Alex Neuman van der Hans > Sent: 07 February 2006 13:22 > To: MailScanner discussion > Subject: Re: sendmail greet_pause feature > > Whitelist them using the access db (put their netblocks or > domains on a, say, 3 second delay instead). > > Randal, Phil wrote: > > Looking at the last couple of days' sendmail logs I'm finding a few > > who really should know better falling foul of a greet_pause > 10 second delay: > > > > ncsmtp02.partner.nspcc.org.uk > > gateway.brent.gov.uk > > > > and these ISPs. Tut tut! > > > > various mx servers at mail.freeuk.net (mx0.mail.freeuk.net, mx1) > > various mx servers at mail.uk.clara.net > (mx0.mail.uk.clara.net through > > mx5) > > store0.mail.uk.easynet.net > > > > Cheers, > > > > Phil > > ---- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Will > >> McDonald > >> Sent: 07 February 2006 11:44 > >> To: MailScanner discussion > >> Subject: Re: sendmail greet_pause feature > >> > >> On 07/02/06, Roger Jochem wrote: > >> > >>> I just enabled the greet_pause im my sendmail. I'm seing a lot of > >>> warnings in my maillog about messages being rejected > >>> > >> becouse there was > >> > >>> a pre-greeting traffic. Is there some way I could see > what messages > >>> were this rejected messages, just to be sure I'm not > >>> > >> rejecting "good mail". > >> > >> Given what greet_pause is doing, and why, I doubt there's anyway > >> you're going to get more than is already contained in the log > >> message. > >> > >> Most of the rejections we've seen since enabling it last week have > >> been > >> > >> * from IP addresses without reverse DNS > >> * within dynamically assigned ranges (DSL, cable modems > and the like) > >> * from *.pl, *.ru, *.kr and other usually suspicious TLDs. > >> > >> Try something like... > >> > >> $ awk '/due to pre-greeting/ { print $10 }' > /var/log/maillog | sort > >> -u > >> > >> Have a scan through and the chances are it'll all be suspicious > >> looking. And remember, even if the reverse lookup makes them look > >> potentially legit, they're still trying to inject mail > traffic before > >> you've told them to, which should immediately raise concerns. > >> > >> Will. > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From gdoris at rogers.com Tue Feb 7 14:16:01 2006 From: gdoris at rogers.com (Gerry Doris) Date: Tue Feb 7 14:16:41 2006 Subject: 4.50.14 possible bug In-Reply-To: <223f97700602070518h7d369b2fm@mail.gmail.com> References: <223f97700602070518h7d369b2fm@mail.gmail.com> Message-ID: <43E8ABA1.7040801@rogers.com> Glenn Steen wrote: > On 07/02/06, Ugo Bellavance wrote: > >>Hi, >> >>Even tough I have: >> >>Log Speed = no >> >>I get these in my logs: >> >>Feb 7 07:27:37 mta1 MailScanner[19403]: Batch processed in 36.65 seconds >>Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message k17COSFG019175 >>to SQL >>Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message k17CN0FG019106 >>to SQL >>Feb 7 07:27:37 mta1 MailScanner[19403]: "Always Looked Up Last" took >>0.05 secon >>ds >> >>I double-checked the setting and restarted twice... Is that normal? >> >>Regards, >> >>-- >>Ugo >> >>-> Please don't send a copy of your reply by e-mail. I read the list. >>-> Please avoid top-posting, long signatures and HTML, and cut the >>irrelevant parts in your replies. >> > > Hi Ugo, > > There is/was an ongoing thread about this, that basically covers the > why and how etc of this one. Executive summary is: Jeff wanted it, > Jules liked the idea, and now we all get it. Some others rather > didin't like it... So ... You are not alone ... (Me, I'm still on the > fence:-). > -- > -- Glenn Glenn is correct. The Log Speed setting doesn't affect the logging of the items you mentioned. I'm not sure what it does stop??? In any case, if you don't want the speed logging then you'll need to comment out the appropriate lines in MessageBatch.pm. From MailScanner at ecs.soton.ac.uk Tue Feb 7 14:45:05 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 7 14:45:15 2006 Subject: 4.50.14 possible bug In-Reply-To: <43E8ABA1.7040801@rogers.com> References: <223f97700602070518h7d369b2fm@mail.gmail.com> <43E8ABA1.7040801@rogers.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Remind me in about 10 days about this, and I'll add a line so that the last line of your output is not logged unless Log Speed is switched on. I'm on holiday in 1.25 hours :-) On 7 Feb 2006, at 14:16, Gerry Doris wrote: > Glenn Steen wrote: >> On 07/02/06, Ugo Bellavance wrote: >>> Hi, >>> >>> Even tough I have: >>> >>> Log Speed = no >>> >>> I get these in my logs: >>> >>> Feb 7 07:27:37 mta1 MailScanner[19403]: Batch processed in 36.65 >>> seconds >>> Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message >>> k17COSFG019175 >>> to SQL >>> Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message >>> k17CN0FG019106 >>> to SQL >>> Feb 7 07:27:37 mta1 MailScanner[19403]: "Always Looked Up Last" >>> took >>> 0.05 secon >>> ds >>> >>> I double-checked the setting and restarted twice... Is that normal? >>> >>> Regards, >>> >>> -- >>> Ugo >>> >>> -> Please don't send a copy of your reply by e-mail. I read the >>> list. >>> -> Please avoid top-posting, long signatures and HTML, and cut the >>> irrelevant parts in your replies. >>> >> Hi Ugo, >> There is/was an ongoing thread about this, that basically covers the >> why and how etc of this one. Executive summary is: Jeff wanted it, >> Jules liked the idea, and now we all get it. Some others rather >> didin't like it... So ... You are not alone ... (Me, I'm still on the >> fence:-). >> -- >> -- Glenn > > Glenn is correct. The Log Speed setting doesn't affect the logging > of the items you mentioned. I'm not sure what it does stop??? > > In any case, if you don't want the speed logging then you'll need > to comment out the appropriate lines in MessageBatch.pm. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+iyc/w32o+k+q+hAQGLdQgAoSSZmcW1AYyqkHqJrZmHIXJZ//2ceRRi RH74ROBGPfUo+6GDIYT8jt6OBdf2xNePOMyzHU8SrWbOalURCnEK5JXVW8mFnPgQ /xj1pXORKeqbDmTnv0OBLFfmSNLagUe5km51nUEzOQBFovY6YqUaogSJAMn14bv6 rMJQGS1Qqvky/eLbHQH85mNcNK8N0kc8R0AWr6rXp+n+1jpnSbV1y3EbeGkWL/21 dBFIUUbtMx4piV+A6ldh5Lps+88egVk4TuZMB/rOLqG488I1owqVd8r8xW8GzR47 9TJymN0BDtAsbl9uiGmkURKtIrxJJVNGSm7ZiE9pyvz2yGI0NJx8mg== =rYz7 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lhaig at haigmail.com Tue Feb 7 14:52:38 2006 From: lhaig at haigmail.com (Lance Haig) Date: Tue Feb 7 14:52:40 2006 Subject: 4.50.14 possible bug In-Reply-To: References: <223f97700602070518h7d369b2fm@mail.gmail.com> <43E8ABA1.7040801@rogers.com> Message-ID: <43E8B436.6060105@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 And I wanted to try and update my MS tonight :-) Have fun Lance Julian Field wrote: > Remind me in about 10 days about this, and I'll add a line so that > the last line of your output is not logged unless Log Speed is > switched on. > > I'm on holiday in 1.25 hours :-) > > On 7 Feb 2006, at 14:16, Gerry Doris wrote: > >>> Glenn Steen wrote: >>>> On 07/02/06, Ugo Bellavance wrote: >>>>> Hi, >>>>> >>>>> Even tough I have: >>>>> >>>>> Log Speed = no >>>>> >>>>> I get these in my logs: >>>>> >>>>> Feb 7 07:27:37 mta1 MailScanner[19403]: Batch processed in 36.65 >>>>> seconds >>>>> Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message >>>>> k17COSFG019175 >>>>> to SQL >>>>> Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message >>>>> k17CN0FG019106 >>>>> to SQL >>>>> Feb 7 07:27:37 mta1 MailScanner[19403]: "Always Looked Up Last" >>>>> took >>>>> 0.05 secon >>>>> ds >>>>> >>>>> I double-checked the setting and restarted twice... Is that normal? >>>>> >>>>> Regards, >>>>> >>>>> -- >>>>> Ugo >>>>> >>>>> -> Please don't send a copy of your reply by e-mail. I read the >>>>> list. >>>>> -> Please avoid top-posting, long signatures and HTML, and cut the >>>>> irrelevant parts in your replies. >>>>> >>>> Hi Ugo, >>>> There is/was an ongoing thread about this, that basically covers the >>>> why and how etc of this one. Executive summary is: Jeff wanted it, >>>> Jules liked the idea, and now we all get it. Some others rather >>>> didin't like it... So ... You are not alone ... (Me, I'm still on the >>>> fence:-). >>>> -- >>>> -- Glenn >>> Glenn is correct. The Log Speed setting doesn't affect the logging >>> of the items you mentioned. I'm not sure what it does stop??? >>> >>> In any case, if you don't want the speed logging then you'll need >>> to comment out the appropriate lines in MessageBatch.pm. >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD6LQ2M4kHBIBZ61gRAmLIAJoDf6Lo5/gPvuP1LJe+pVKP95XYDACdFgZ1 14sgCBIjTCs4tf6fPQ/JXwk= =Fux9 -----END PGP SIGNATURE----- From mailscanner at lightpro.de Tue Feb 7 15:15:48 2006 From: mailscanner at lightpro.de (mailscanner@lightpro.de) Date: Tue Feb 7 15:15:59 2006 Subject: Global Rule for checking mails Message-ID: <1139325347.23424@lightpro1.lightpro.de> Hi! Is it possible to set a rule where I can configure if mailscanner checks mails from email adresses or not? We had mailscanner running with debian woody and after upgrading to sarge it seems that mailscanner checks every outgoing mail, if it's in the rules or not. The rules file looks like this: FromOrTo: *@domain1.de yes To: *@domain2.de yes To: *@domain3.de yes FromOrTo: default no For testing I've set the rule for domain1 to no but mailscanner checks mails coming or going to this adress... Hope you understand what I've wrote... :) Kind Regards, Ingo From alex at nkpanama.com Tue Feb 7 15:29:17 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Feb 7 15:29:26 2006 Subject: sendmail greet_pause feature In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580B0D3BCD@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580B0D3BCD@isabella.herefordshire.gov.uk> Message-ID: <43E8BCCD.2040803@nkpanama.com> We have about a half-dozen major ISP's in our country, and I usually will add their particular dialup-dsl-cable reverse dns domains (like, for example, .dslsubscriber.localisp.com) with a high (30s) delay, and default to something more sensible (8s) for everybody else except for trusted domains. That way, legitimate mail from legitimate SME's who happen to use their services will come through, and compromised machines will not. Speaking of SME's, greylisting also works extremely well, and is almost transparent when the delay is set to something small, like a minute. Speaking of which, it would be somewhat trivial for a programmer (IANAP, but I can try, in "bash" or something) to have a script that runs every minute, looks at /var/log/maillog, and inserts iptables rules blocking port 25 from IP's who have tried unsuccessfully more than a specific number of times in the last minute to send mail violating the rfc's, only to be unblocked after another specified interval. In very sloppy pseudocode it would be something like (again, IANAP): ------------------------ sleep till the next minute (or 60s, or whatever); for addresses in `grep the maillog for (time(now)-(time - 1min) | grep "pre-greeting" /var/log/maillog | cut -d \[ -f 3 | cut -f 1 -d \] | sort -u` do; store time (now) + separator + address in (database|textfile|whatever); exec ('iptables -A INPUT -p tcp --dport 25 -j DROP -s' + address); done; while not eof(database|textfile|whatever) do; read timerecord,address; if time(now) > timerecord+interval then exec ('iptables -D INPUT -p tcp --dport 25 -j DROP -s' + address); fi; done; -------------------------- Doable? Anyone? Randal, Phil wrote: > I've done that, it was more a cautionary note to others. > > greet_pause is currently catching about 10% of our incoming emails. > > Around 40% of our incoming mail was spam, so it helps. > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Alex Neuman van der Hans >> Sent: 07 February 2006 13:22 >> To: MailScanner discussion >> Subject: Re: sendmail greet_pause feature >> >> Whitelist them using the access db (put their netblocks or >> domains on a, say, 3 second delay instead). >> >> Randal, Phil wrote: >> >>> Looking at the last couple of days' sendmail logs I'm finding a few >>> who really should know better falling foul of a greet_pause >>> >> 10 second delay: >> >>> ncsmtp02.partner.nspcc.org.uk >>> gateway.brent.gov.uk >>> >>> and these ISPs. Tut tut! >>> >>> various mx servers at mail.freeuk.net (mx0.mail.freeuk.net, mx1) >>> various mx servers at mail.uk.clara.net >>> >> (mx0.mail.uk.clara.net through >> >>> mx5) >>> store0.mail.uk.easynet.net >>> >>> Cheers, >>> >>> Phil >>> ---- >>> Phil Randal >>> Network Engineer >>> Herefordshire Council >>> Hereford, UK >>> >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On >>>> >> Behalf Of Will >> >>>> McDonald >>>> Sent: 07 February 2006 11:44 >>>> To: MailScanner discussion >>>> Subject: Re: sendmail greet_pause feature >>>> >>>> On 07/02/06, Roger Jochem wrote: >>>> >>>> >>>>> I just enabled the greet_pause im my sendmail. I'm seing a lot of >>>>> warnings in my maillog about messages being rejected >>>>> >>>>> >>>> becouse there was >>>> >>>> >>>>> a pre-greeting traffic. Is there some way I could see >>>>> >> what messages >> >>>>> were this rejected messages, just to be sure I'm not >>>>> >>>>> >>>> rejecting "good mail". >>>> >>>> Given what greet_pause is doing, and why, I doubt there's anyway >>>> you're going to get more than is already contained in the log >>>> message. >>>> >>>> Most of the rejections we've seen since enabling it last week have >>>> been >>>> >>>> * from IP addresses without reverse DNS >>>> * within dynamically assigned ranges (DSL, cable modems >>>> >> and the like) >> >>>> * from *.pl, *.ru, *.kr and other usually suspicious TLDs. >>>> >>>> Try something like... >>>> >>>> $ awk '/due to pre-greeting/ { print $10 }' >>>> >> /var/log/maillog | sort >> >>>> -u >>>> >>>> Have a scan through and the chances are it'll all be suspicious >>>> looking. And remember, even if the reverse lookup makes them look >>>> potentially legit, they're still trying to inject mail >>>> >> traffic before >> >>>> you've told them to, which should immediately raise concerns. >>>> >>>> Will. >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >> -- >> >> Alex Neuman van der Hans >> N&K Technology Consultants >> Tel. +507 214-9002 - http://nkpanama.com/ >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From PHachey at city.cornwall.on.ca Tue Feb 7 15:45:42 2006 From: PHachey at city.cornwall.on.ca (Philip Hachey) Date: Tue Feb 7 15:45:45 2006 Subject: MailScanner 4.50.15 problem: Scan Messages variable. Message-ID: In MailScanner.conf, I have the variable "Scan Messages" pointed to a ruleset. The "result values" are apparently ignored when two lines are matched. Below are various scenarios and the results. SCENARIO A: From: 127.0.0.1 no FromOrTo: default yes RESULTS A: Mail to any@domain.com from localhost => not scanned Mail to any@domain.com from external => scanned OK SCENARIO B: To: postmaster@domain.com no FromOrTo: default yes RESULTS B: Mail to postmaster@domain.com from localhost => not scanned Mail to postmaster@domain.com from external => not scanned Mail to anyother@domain.com from localhost => scanned Mail to anyother@domain.com from external => scanned OK SCENARIO C (the desired one): From: 127.0.0.1 no To: postmaster@domain.com no FromOrTo: default yes RESULTS C: Mail to postmaster@domain.com from localhost => SCANNED! Mail to postmaster@domain.com from external => not scanned Mail to anyother@domain.com from localhost => not scanned Mail to anyother@domain.com from external => scanned NOT OK I even tried adding the following to the ruleset: From: 127.0.0.1 and To: postmaster@domain.com no However, while it works if it's the only matching rule in the ruleset, as soon as I add either of the following lines, then none of them are triggered when mail is sent to postmaster@domain.com from localhost: From: 127.0.0.1 no To: postmaster@domain.com no Philip Hachey From HancockS at morganco.com Tue Feb 7 16:00:42 2006 From: HancockS at morganco.com (Hancock, Scott) Date: Tue Feb 7 16:00:56 2006 Subject: Max file depth rule syntax help. Message-ID: <7A6F9F7356141C42987075747C5B87D302764E6D@wmail.int.morganco.com> I want to allow zip files from an IP without scanning filename rules So that zips can be sent with dangerous content. Here are the relevant settings. The IP is a placeholder. MailScanner.conf Maximum Archive Depth = %rules-dir%/archive.depth.rules archive.depth.rules FromOrTo: 255.255.255.255 0 FromOrTo: default 2 syslog Config Error: Cannot match against destination IP address when resolving configuration option "maxzipdepth" It seems to me this follows the ruleset syntax. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rul esets:readme Thanks Scott From alex at nkpanama.com Tue Feb 7 16:04:18 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Feb 7 16:04:26 2006 Subject: Max file depth rule syntax help. In-Reply-To: <7A6F9F7356141C42987075747C5B87D302764E6D@wmail.int.morganco.com> References: <7A6F9F7356141C42987075747C5B87D302764E6D@wmail.int.morganco.com> Message-ID: <43E8C502.5040806@nkpanama.com> Hancock, Scott wrote: > I want to allow zip files from an IP without scanning filename rules So > that zips can be sent with dangerous content. > > Here are the relevant settings. The IP is a placeholder. > > MailScanner.conf > Maximum Archive Depth = %rules-dir%/archive.depth.rules > > archive.depth.rules > FromOrTo: 255.255.255.255 0 > FromOrTo: default 2 > > syslog > Config Error: Cannot match against destination IP address when > resolving configuration option "maxzipdepth" > > > It seems to me this follows the ruleset syntax. > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rul > esets:readme > > It doesn't. You need "From:" IP, because MS can't tell the To: IP (MS isn't an MTA). > Thanks > > Scott > > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From glenn.steen at gmail.com Tue Feb 7 16:15:15 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 7 16:15:18 2006 Subject: 4.50.14 possible bug In-Reply-To: References: <223f97700602070518h7d369b2fm@mail.gmail.com> <43E8ABA1.7040801@rogers.com> Message-ID: <223f97700602070815s12f83c38h@mail.gmail.com> On 07/02/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Remind me in about 10 days about this, and I'll add a line so that > the last line of your output is not logged unless Log Speed is > switched on. > > I'm on holiday in 1.25 hours :-) Much deserved, have a good one! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solid-state-logic.com Tue Feb 7 16:50:02 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Feb 7 16:50:17 2006 Subject: Global Rule for checking mails In-Reply-To: <1139325347.23424@lightpro1.lightpro.de> Message-ID: <00ae01c62c06$8a90d010$3004010a@martinhlaptop> Hi Better to do this ip-based as spam/viruses fake the from domain to be the to domain etc.... Have a look at the "Scan Email" option MailScanner.conf -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of mailscanner@lightpro.de > Sent: 07 February 2006 15:16 > To: mailscanner@lists.mailscanner.info > Subject: Global Rule for checking mails > > Hi! > > Is it possible to set a rule where I can configure if mailscanner checks > mails from email adresses or not? > > We had mailscanner running with debian woody and after upgrading to sarge > it seems that mailscanner checks every outgoing mail, if it's in the rules > or not. > > The rules file looks like this: > > > FromOrTo: *@domain1.de yes > To: *@domain2.de yes > To: *@domain3.de yes > > FromOrTo: default no > > For testing I've set the rule for domain1 to no but mailscanner checks > mails coming or going to this adress... > > Hope you understand what I've wrote... :) > > Kind Regards, Ingo ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From HancockS at morganco.com Tue Feb 7 16:58:37 2006 From: HancockS at morganco.com (Hancock, Scott) Date: Tue Feb 7 16:58:52 2006 Subject: Max file depth rule syntax help. Message-ID: <7A6F9F7356141C42987075747C5B87D302764EE2@wmail.int.morganco.com> > > > > > It doesn't. You need "From:" IP, because MS can't tell the > To: IP (MS isn't an MTA). Thanks Alex. Scott From dmehler26 at woh.rr.com Tue Feb 7 17:19:29 2006 From: dmehler26 at woh.rr.com (Dave) Date: Tue Feb 7 17:28:23 2006 Subject: mailscanner and perdomain white and blacklists References: <003f01c62787$c3f61370$0200a8c0@satellite> <46930868-3367-42BE-91FD-75B47F99B677@ecs.soton.ac.uk> <002b01c6281b$79cb1c20$0200a8c0@satellite> <43E2414A.90901@ecs.soton.ac.uk> Message-ID: <004e01c62c0a$a8159680$0200a8c0@satellite> Hi Julian, Sorry about the long delay in getting back to you. I checked out CustomConfig.pm and if i'm reading it right what i have to do is set the "Is Definitely Spam" and "Is Definitely Spam" to point to a directory for white and blacklists. So say i want a whitelist for example1.com i would make a /etc/MailScanner/domains directory for all my domains and point ms to it. Then make a directory for example1.com and then a file spam.whitelists.conf adding in what i want. Put the blacklist in the same area. Before i let you know of my problem do i have this right so far? Checking the MS config on thi